TeamTNT is the first cryptomining bot that steals AWS credentials

Forum|Forum|5 years ago
August 18, 2020
2 replies
27 views

+54

Jasper_The_Rasper
Moderator

August 18, 2020 By Pierluigi Paganini

Security researchers have discovered a new crypto-minining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers.

Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials.

The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs.

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but the new feature was added only recently.

Full Article.

+63

TripleHelix
Moderator
Forum|Forum|5 years ago
August 18, 2020

WSA uses AWS….. “ The botnet operators have added a new feature that scans the underlying infected servers for any Amazon Web Services (AWS) credentials.” Is Webroot safe @DanP :wink:

Thanks,

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.

Like

+35

DanP
OpenText Employee
Forum|Forum|5 years ago
August 18, 2020

WSA uses AWS….. “ The botnet operators have added a new feature that scans the underlying infected servers for any Amazon Web Services (AWS) credentials.” Is Webroot safe @DanP :wink:

Thanks,

@TripleHelix,

This targets misconfigured installations, and the new feature scans for AWS credentials in unencrypted files. We should be safe from this.

-Dan

Webroot Threat Research

Like

Security researchers have discovered a new crypto-minining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers.

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded