TeamTNT launches cryptojacking operation on Kubernetes clusters

February 4, 2021
  • Uses two ways to establish command and control connections: a tmate reverse shell and an Internet Relay Chat (IRC) channel.
  • Leverages a known Linux process name (bioset) to disguise the malicious process.
  • Runs a library injection technique based on LD_PRELOAD to hide the malicious processes.
  • Encrypts the malicious payload inside a binary to make automated static analysis more difficult.
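Two of the evasion tricks listed above, the process masquerading as the kernel's bioset worker and LD_PRELOAD-based library injection, can be checked for from the defender's side with simple host heuristics. The following is an added example written for this page, not code from the report or from any vendor tool; the process records, paths and library names are constructed placeholders standing in for what would be read from /proc/<pid>/{comm,cmdline,exe,environ} and /etc/ld.so.preload on a live node.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Names of common kernel worker threads; a user-space binary using one is suspect.
KERNEL_NAMES = {"bioset", "kworker", "ksoftirqd", "kthreadd"}

@dataclass
class Proc:
    """One process as read from /proc/<pid>/{comm,cmdline,exe,environ}."""
    pid: int
    comm: str
    cmdline: str                      # empty for genuine kernel threads
    exe: Optional[str]                # None when /proc/<pid>/exe is unreadable (kernel threads)
    environ: Dict[str, str] = field(default_factory=dict)

def masquerading_kernel_thread(p: Proc) -> bool:
    """Kernel-thread name combined with a command line or an exe link: user-space imposter."""
    return p.comm in KERNEL_NAMES and (p.cmdline != "" or p.exe is not None)

def preload_injection(p: Proc) -> bool:
    """LD_PRELOAD present in the process environment."""
    return bool(p.environ.get("LD_PRELOAD"))

def preload_file_entries(ld_so_preload: str) -> List[str]:
    """Libraries listed in /etc/ld.so.preload (one path per line, '#' starts a comment)."""
    entries = []
    for line in ld_so_preload.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(line)
    return entries

def scan(procs: List[Proc], ld_so_preload: str) -> Dict[str, list]:
    """Run all three heuristics and return findings keyed by heuristic name."""
    return {
        "masquerade": [p.pid for p in procs if masquerading_kernel_thread(p)],
        "ld_preload_env": [p.pid for p in procs if preload_injection(p)],
        "ld_so_preload": preload_file_entries(ld_so_preload),
    }

# Constructed sample data: a genuine kernel bioset worker, a user-space imposter,
# and a shell started with LD_PRELOAD. Paths and library names are placeholders.
SAMPLE_PROCS = [
    Proc(112, "bioset", "", None),
    Proc(4821, "bioset", "/tmp/.x/bioset", "/tmp/.x/bioset"),
    Proc(4830, "bash", "/bin/bash", "/usr/bin/bash", {"LD_PRELOAD": "/usr/local/lib/libexample.so"}),
]
SAMPLE_LD_SO_PRELOAD = "# constructed sample\n/usr/local/lib/libexample.so\n"
```

On a live host, `scan()` would be fed records built from /proc, and any non-empty `ld_so_preload` list or `masquerade` hit is worth an immediate look, since neither has a legitimate reason to appear on a typical Kubernetes node.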