Black-T Malware Emerges From Cryptojacker Group TeamTNT

The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.

Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras.

TeamTNT is known for targeting Amazon Web Services (AWS) credentials to break into the cloud and use it to mine the Monero cryptocurrency. But according to researchers with Palo Alto Networks’ Unit 42, with Black-T the group has added capabilities to its tactics, techniques and procedures (TTPs). These include sophisticated network scanners; the targeting of competitor XMR mining tools on the network; and the use of password scrapers.

What TeamTNT plans to do with the saved passwords and additional capabilities is still unclear, but the development signals that the group doesn’t plan to slow down anytime soon.

In August, TeamTNT was identified by researchers as the first cryptojacking group to specifically target AWS. With increasingly sophisticated TTPs, the cybercriminal gang appears to be gaining steady momentum. Just last month, TeamTNT was discovered to have been leveraging a common open-source cloud monitoring tool called Weave Scope, to infiltrate the cloud and execute commands without breaching the server.

Black-T represents a notable jump forward in the operation’s sophistication, researchers said.

Once deployed, the first order of business for Black-T is to disable any other malware competing for processing power, including Kinsing, Kswapd0, ntpd miner, redis-backup miner, auditd miner, Migration miner, the Crux worm and Crux worm miner. Ironically, the fact that TeamTNT identified these competitors in their malware gives security professionals a critical heads-up to be on the lookout for potential threats from these groups, Unit 42 said.
