{"id":3293,"date":"2019-01-21T12:46:27","date_gmt":"2019-01-21T17:46:27","guid":{"rendered":"https:\/\/solutionsreview.com\/cloud-platforms\/?p=3293"},"modified":"2019-01-21T12:49:23","modified_gmt":"2019-01-21T17:49:23","slug":"new-version-of-xbash-malware-targets-cloud-security-programs","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/","title":{"rendered":"New Version of Xbash Malware Targets Cloud Security Programs"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-3294\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg\" alt=\"New Version of Xbash Malware Targets Cloud Security Programs\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg 800w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF-300x150.jpg 300w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF-768x384.jpg 768w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF-540x270.jpg 540w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF-162x81.jpg 162w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\">Palo Alto Networks&#8217; cyberthreat intelligence team, <a href=\"https:\/\/unit42.paloaltonetworks.com\/\" target=\"_blank\" rel=\"noopener\">Unit 42<\/a>, recently unearthed a <a href=\"https:\/\/unit42.paloaltonetworks.com\/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products\/\" target=\"_blank\" rel=\"noopener\">new malware<\/a>\u00a0related to the Linux cryptocurrency mining malware Xbash. 
Discovered <a href=\"https:\/\/unit42.paloaltonetworks.com\/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows\/\" target=\"_blank\" rel=\"noopener\">last year<\/a>, Xbash targets Linux servers and deletes Linux databases while also mining systems for cryptocurrency. Threat actor group Rocke, apparently associated with the Iron cybercrime group, developed Xbash and this latest malware. Unit 42&#8217;s report on the new malware revealed that it was capable of removing cloud security products from the user&#8217;s computer. Specifically, it can deactivate programs released by <a href=\"https:\/\/intl.cloud.tencent.com\/\" target=\"_blank\" rel=\"noopener\">Tencent Cloud<\/a> and <a href=\"https:\/\/us.alibabacloud.com\/\" target=\"_blank\" rel=\"noopener\">Alibaba Cloud<\/a>.<\/p>\n<p style=\"text-align: justify\">Rather than attack the security software, the malware follows Tencent and Alibaba&#8217;s instructions for uninstalling the programs. 
These instructions are publicly available on <a href=\"https:\/\/intl.cloud.tencent.com\/document\/product\/296\/2223\" target=\"_blank\" rel=\"noopener\">Tencent&#8217;s<\/a> and <a href=\"https:\/\/www.alibabacloud.com\/help\/doc-detail\/68616.htm?spm=a2c63.p38356.b99.20.7cb5ccfflXqiS3\" target=\"_blank\" rel=\"noopener\">Alibaba&#8217;s<\/a> websites. Once the security programs have been uninstalled, the malware then proceeds to mine <a href=\"https:\/\/www.getmonero.org\/\" target=\"_blank\" rel=\"noopener\">Monero<\/a> cryptocurrency from infected machines. Unit 42 believes that this is the first malware to specifically target cloud security programs. They are currently working with Tencent and Alibaba to address security concerns caused by this malware.<\/p>\n<p style=\"text-align: justify\">According to Unit 42, malware creators realize that agent-based security programs may be able to detect malware invasions. Thus, they are focusing on discovering new ways to avoid detection by monitors in order to gain access to systems. Unit 42 concluded their report by saying, &#8220;The variant of the malware used by the Rocke group is an example that demonstrates that the agent-based cloud security solution may not be enough to prevent evasive malware targeted at public cloud infrastructure.&#8221;<\/p>\n<p style=\"text-align: justify\">The Rocke group focuses on Monero cryptomining and was first seen operating in 2018. They are one of several cryptomining malware developers to come out as illegal cryptomining becomes more and more popular. Unit 42&#8217;s analysis shows that Xbash and the new malware are still under active development. It is likely that Rocke is going to expand their malware to target other cloud security providers. 
Unit 42 provides ways for clients to protect themselves from Xbash in their <a href=\"https:\/\/unit42.paloaltonetworks.com\/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows\/\" target=\"_blank\" rel=\"noopener\">initial report<\/a> on the malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks&#8217; cyberthreat intelligence team, Unit 42, recently unearthed a new malware\u00a0related to the Linux cryptocurrency mining malware Xbash. Discovered last year, Xbash targets Linux servers and deletes Linux databases while also mining systems for cryptocurrency. Threat actor group Rocke, apparently associated with the Iron cybercrime group, developed Xbash and this latest malware. 
Unit [&hellip;]<\/p>\n","protected":false},"author":45,"featured_media":3294,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[950,33,949,947,79,948],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Version of Xbash Malware Targets Cloud Security Programs<\/title>\n<meta name=\"description\" content=\"Palo Alto Networks recently unearthed a new malware\u00a0related to the Linux cryptocurrency mining malware Xbash that targets cloud security programs.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Hein\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/\",\"name\":\"New Version of Xbash Malware Targets Cloud Security Programs\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg\",\"datePublished\":\"2019-01-21T17:46:27+00:00\",\"dateModified\":\"2019-01-21T17:49:23+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/6864a6433d5b9cae6d22634014694c8c\"},\"description\":\"Palo Alto Networks recently unearthed a new malware\u00a0related to the Linux cryptocurrency mining malware Xbash that targets cloud security 
programs.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg\",\"width\":800,\"height\":400,\"caption\":\"New Version of Xbash Malware Targets Cloud Security Programs\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Version of Xbash Malware Targets Cloud Security Programs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\",\"name\":\"Best Enterprise Cloud Strategy Tools, Vendors, Managed Service Providers, MSP and Solutions\",\"description\":\"Guides, Analysis and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/6864a6433d5b9cae6d22634014694c8c\",\"name\":\"Daniel Hein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4898ed0ee982b139754b5a4523e45813?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4898ed0ee982b139754b5a4523e45813?s=96&d=blank&r=g\",\"caption\":\"Daniel Hein\"},\"description\":\"Dan is a tech writer who writes about Cybersecurity for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/author\/dhein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Version of Xbash Malware Targets Cloud Security Programs","description":"Palo Alto Networks recently unearthed a new malware\u00a0related to the Linux cryptocurrency mining malware Xbash that targets cloud security programs.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/","twitter_misc":{"Written by":"Daniel Hein","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/","url":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/","name":"New Version of Xbash Malware Targets Cloud Security Programs","isPartOf":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg","datePublished":"2019-01-21T17:46:27+00:00","dateModified":"2019-01-21T17:49:23+00:00","author":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/6864a6433d5b9cae6d22634014694c8c"},"description":"Palo Alto Networks recently unearthed a new malware\u00a0related to the Linux cryptocurrency mining malware Xbash that targets cloud security 
programs.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#primaryimage","url":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg","contentUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2019\/01\/oie_7jbPf1ou71HF.jpg","width":800,"height":400,"caption":"New Version of Xbash Malware Targets Cloud Security Programs"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/new-version-of-xbash-malware-targets-cloud-security-programs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/cloud-platforms\/"},{"@type":"ListItem","position":2,"name":"New Version of Xbash Malware Targets Cloud Security Programs"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website","url":"https:\/\/solutionsreview.com\/cloud-platforms\/","name":"Best Enterprise Cloud Strategy Tools, Vendors, Managed Service Providers, MSP and Solutions","description":"Guides, Analysis and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/6864a6433d5b9cae6d22634014694c8c","name":"Daniel 
Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4898ed0ee982b139754b5a4523e45813?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4898ed0ee982b139754b5a4523e45813?s=96&d=blank&r=g","caption":"Daniel Hein"},"description":"Dan is a tech writer who writes about Cybersecurity for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com","url":"https:\/\/solutionsreview.com\/cloud-platforms\/author\/dhein\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/3293"}],"collection":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/users\/45"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/comments?post=3293"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/3293\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media\/3294"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media?parent=3293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/categories?post=3293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/tags?post=3293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}