Novel undetectable cryptominer developed via Azure exploit

Hackread reports that Microsoft Azure's Automation Service was leveraged to create the first cryptocurrency miner that could not be detected by security systems. SafeBreach Labs researchers were able to develop the "ultimate cryptominer" by exploiting Azure Automation Service behavior that facilitated the stealthy in-background installation of custom Python packages uploaded on the platform in a bid to avert runbook execution issues. Azure Automation was noted to use the malicious pip package uploaded by researchers for every subsequent upload, enabling code execution and access token acquisition. Moreover, simultaneous import flows amounting to nearly 10,000 minutes of runtime revealed that the cryptominer did not yield any charges a month later, according to the report. Aside from affecting cryptomining, such an issue could also impact the functionality of other code execution-requiring domains in Azure, said researchers. Microsoft's Security Response Center has already been notified regarding the issue but Common Vulnerabilities and Exposures tracking is yet to be provided.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.