Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket

August 28, 2017

As Bitcoin’s price continues to soar beyond $4,000 USD per coin, cybercriminals are responding by using techniques long reserved for adware, click fraud and spying to drop cryptocurrency miners onto compromised computers.

The latest incident comes from a rash of drive-by downloads that are being used to install coin-mining malware called Zminer, according to researchers from Netskope.

The Zminer executable is being dropped from an exploit kit, which in turn connects with an Amazon S3 storage bucket to grab two payloads called Claymore CryptoNote CPU Miner and Manager.exe. Claymore is the mining utility used to produce Monero, an open-source cryptocurrency that goes to lengths to obfuscate its blockchain, making it a challenge to trace any activity.

Read more on Threatpost