🚨 Attackers target Huawei Cloud with upgraded Linux malware 🚨

  • 11 October 2021

Trend Micro has recently observed another evolution in Linux threats: cryptocurrency-mining malware and cryptojacking attacks aimed at relatively new cloud service providers (CSPs). In this new Linux malware trend, malicious actors deploy code that removes applications and services present mainly in Huawei Cloud. Specifically, the malicious code disables the hostguard service, a Huawei Cloud Linux agent process that "detects security issues, protects the system, and monitors the agent." The malicious code also includes cloudResetPwdUpdateAgent, an open-source plugin agent, installed by default on public images, that allows Huawei Cloud users to reset the password of an Elastic Cloud Service (ECS) instance. Because both services appear in the threat actors' shell scripts, we can assume that they are specifically targeting vulnerable ECS instances inside Huawei Cloud.
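A defender-side check for the behaviour described above, as an added example that is not from Trend Micro or the original post: it scans shell command lines (for instance from audit logs or shell history) for commands that stop or remove the two agents. The agent names come from the article; the list of tamper commands, the `tamper_hits` helper and the sample lines are assumptions constructed for illustration.

```python
import os
import re
import shlex

AGENTS = ("hostguard", "cloudresetpwdupdateagent")  # names from the article, lowercased
# Assumption: tools commonly used to stop or remove a service; None means any use counts.
TAMPER = {
    "systemctl": {"stop", "disable", "mask"}, "service": {"stop"},
    "kill": None, "pkill": None, "killall": None, "rm": None,
}
WRAPPERS = {"sudo", "nohup"}


def tamper_hits(command_line):
    """Return (tool, agent) pairs for each sub-command that stops or removes an agent."""
    hits = []
    for part in re.split(r"&&|\|\||[;|&\n]", command_line):
        try:
            tokens = shlex.split(part)
        except ValueError:  # unbalanced quotes: fall back to a whitespace split
            tokens = part.split()
        while tokens and tokens[0] in WRAPPERS:
            tokens = tokens[1:]
        tool = os.path.basename(tokens[0]) if tokens else ""
        if tool not in TAMPER:
            continue
        verbs = TAMPER[tool]
        if verbs is not None and not verbs.intersection(tokens[1:]):
            continue  # e.g. "systemctl status ..." only reads state
        args = [t.lower() for t in tokens[1:]]
        hits.extend((tool, a) for a in AGENTS if any(a in t for t in args))
    return hits


# Constructed sample command lines (not taken from any real script or log).
SAMPLES = [
    "systemctl status hostguard",
    "sudo systemctl stop hostguard; systemctl disable hostguard",
    "ps aux | grep hostguard",
    "/usr/bin/pkill -f cloudResetPwdUpdateAgent",
    "service hostguard stop && rm -rf /opt/example/hostguard",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if tamper_hits(line) else "ok   ", line)
```

Read-only commands such as `systemctl status` or `grep` over the process list are not flagged, which keeps routine administration out of the alerts.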

