Criminals Target Alibaba Cloud ECS instances For Cryptojacking Efforts


The cryptocurrency industry has always attracted criminals, just like any other financial segment. However, the recent attacks against Alibaba cloud is rather intriguing. Attackers intend to focus n crypto mining and malware distribution, with a strong sentiment toward Monero cryptojacking. 

Criminals Take On Alibaba Cloud

  • Several technology companies provide cloud hosting and other cloud-based services to their customers.

  • Amazon is one of the biggest companies, although Alibaba is not far behind.

  • Through Alibaba’s Elastic Computing Service (ECS) instances, developers can deploy programs or test code in a controlled environment. 

  • Those ECS instances from Alibaba are now under attack from criminals successfully disabling various security features.

  • The primary objective is to focus on crypto mining objectives.

  • The options that make Alibaba Cloud stand out from competitors allow for some attractive revenue.

  • However, due to the native security agent, efforts like crypto mining or cryptojacking are not possible.

  • The hackers circumvent this security agent through the creation of new firewall rules,.

  • Moreover, the security agent cannot clean up the running compromise and gets disabled, which is rather elaborate. In some cases, the distributed malware uninstalls the security agent altogether.

  • After bypassing the security measures, the malware installs XMRig cryptominer or a slightly modified version of the software.

  • Alibaba’s decision to let users interface with root access directly may be a key factor in these attacks.

  • Sadly, that also gives attackers the highest privileges, allowing them to advance their attack and escalate the process.

  • Moreover, the Alibaba ECS will auto-scale to increase computing resources on-demand, providing nearly unlimited resources to cryptojacking. 

  • Making matters worse is the modular model of the malware, allowing the crypto miner to be replaced with other malware to increase profit or infect additional endpoints. 

  • Legitimate users affected by this malware will likely see their Alibaba ECS instance bills skyrocket. 

  • It remains unclear if and when this issue will be fixed.

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.