Malware Mines Monero On Cloud Servers

- Advertisement -

Researchers Xingyu Jin and Claud Xiao, of the cybersecurity firm Palo Alto Networks, published a report yesterday, January 17, regarding Monero mining malware from threat actor Rocke. The malware is said to disable cloud security software to avoid detection and mine Monero using exiting cloud servers.

According to the report, Rocke’s malware targets public cloud infrastructure running on Linux servers, specifically going after cloud security products by Chinese firms Tencent Cloud and Alibaba Cloud. After gaining access, the malware uses uninstall instructions available on Tencent and Alibaba’s websites and “some random blog posts on the Internet,” to remove the existing cloud security without exhibiting detectable vicious behavior.

The paper notes that early versions of Rocke’s malware only attempted to kill security and monitoring agents from Tencent. Because the malware’s authors developed more effective ways to avoid detection, the program can now uninstall the Tencent host security agent, the Tencent cloud monitor agent, the Alibaba threat detection service agent, the Alibaba CloudMonitor agent, and the Alibaba cloud assistant agent.

Once the cloud security and monitor products are uninstalled, the malware “begins to exhibit malicious behaviors.” Not only can the malware block other crypto mining malware from using the infected cloud server, it can also kill other crypto mining processes that may already exist. It can then trigger its “ultimate goal” of mining Monero from within the compromised Linux servers.

Jin and Xiao say that the Rocke group was originally discovered by Cisco’s Talos Intelligence Group in August 2018. Talos’ blog post calls Rocke the “Champion of Monero Miners” and outlines the malware’s most recent attack – at the time of the post – in July 2018.

Earlier this month, researchers Sergio Pastrana and Guillermo Suarez-Tangil, from Universidad Carlos III de Madrid and King’s College London, respectively, published their own report, estimating that hackers have mined at least 4.32 percent of the total Monero in circulation. The researchers assert that at least 2,218 active malicious mining campaigns have gathered roughly 720,000 XMR (worth $57 million), with a single campaign having mined more that 163,000 XMR, or about $18 million, at the time of the paper’s publishing.

- Advertisement -

According to Jin and Xiao, Palo Alto Networks has been in contact with Tencent Cloud and Alibaba Cloud to discuss the Rocke malware’s evasion techniques. “The variant of the malware used by the Rocke group,” they say, “is an example that demonstrates that the agent-based cloud security solution may not be enough to prevent evasive malware targeted at public cloud infrastructure.”

Nicholas Ruggieri studied English with an emphasis in creative writing at the University of Nevada, Reno. When he’s not quoting Vines at anyone who’s willing to listen, you’ll find him listening to too many podcasts, reading too many books, and crocheting too many sweaters for his dogs, RT and Peterman.

Like what you read? Follow us on X @Bitnewsbot to receive the latest Monero, malware or other Ethereum cryptocurrencies and tokens news.

- Advertisement -



Previous Articles:

- Advertisement -

Latest News

Russia Delays Digital Ruble Launch to September 2026 After Pushback

The Bank of Russia has proposed delaying its digital ruble rollout to September 1,...

DOT Miners Attracts Investors With Regulated Passive Crypto Income

DOT Miners offers a cloud mining platform enabling users to earn steady Passive income...

Cloudbet Expands Crypto Crash Game Portfolio With Galaxsys

Willemstad, Curaçao – June 26, 2025 – Cloudbet has added the full suite of...

Coinbase to Launch US-Regulated Bitcoin, Ether Perpetual Futures

Coinbase will launch U.S.-regulated perpetual-style futures for Bitcoin and Ether on July 21.The move...

Fannie Mae, Freddie Mac Now Accept Crypto Assets for Mortgages

Fannie Mae and Freddie Mac will now recognize Bitcoin and other cryptocurrencies as reserves...

Must Read

Top 10 BEST Crypto Trading Books for New Traders

If you're thinking of diving into the crypto trading space, acquiring solid knowledge isn't just recommended - it's essential to protect your investment.Learning...