New Crypto-Mining Malware Lurking on Amazon Cloud

Technology > Security

A cryptocurrency mining site in Iceland. / Photo by: Marco Krohn via Wikimedia Commons


A new malware has been discovered on Amazon Web Services and is being used to mine the monero cryptocurrency. The malware, called Xbooster, has already made its way into a number of Windows-based computers that have the combined processing power necessary in harvesting approximately US$100,000 worth of monero, according to John Detrixhe, reporting for Quartz

Monero is more difficult to track than bitcoin because it requires an optimal amount of computing power to mine it but generates a big financial windfall for hackers. The Xbooster malware installs two programs on infected machines: a monero miner and a manager that connects to a command-and-control server on AWS.  

Xbooster is inadvertently installed on computers when users click on a link in a “drive-by download.” This usually occurs when users receive an e-mail from an unknown source when they access a suspicious website that shows up in search results, or the malware may be combined with other types of programs such as freeware or shareware.  

To be able to mine cryptocurrency, computers need to solve complex mathematical calculations and confirm transactions within the network to generate digital tokens. But such a task requires massive processing power, which is why hackers resort to hijacking a large number of machines to be able to dig up cryptocurrency efficiently. 

To elude detection, an infected computer’s CPU usage is kept at a low level by Xbooster’s command-and-control module so that the owner will not notice that the machine has been hijacked to mine cryptocurrency.

For its part, AWS has issued a statement saying they have automatic systems for detecting and blocking many attacks before these get past the company’s computer infrastructure. AWS added that its terms of usage are clear and when it finds misuse it takes action immediately and shuts down affected computers.