New malware 'turns off' cloud security defences

Published on: 25 Jan 2019

A new strain of malware has been unveiled that seeks to avoid detection by actively switching off the cloud security software that is looking for it.

While this behaviour has been seen with desktop antivirus tools, this is the first time that this technique has been seen in the cloud, according to researchers at security firm Palo Alto Networks' Unit 42 division, who detailed the capabilities of the program.

The malware is intended to hijack servers and turn them into cryptocurrency miners - something that has become one of the most common threats facing many networks today.

Researchers noted that the malware does not seem to be aimed at all security tools. Instead, it appears to have been designed to seek out and disable a specific set of cloud security products made by Chinese firms Tencent Cloud and Alibaba Cloud.

As the hackers thought to be behind the malware are also based in China, this is unsurprising, but the researchers expressed concern that the technique could be adopted more broadly to evade detection in cloud environments.

"To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products," Unit 42 researchers Xingyu Jin and Claud Xiao said.
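The article describes the evasion only at a high level: the malware stops or removes the host-side agents of specific cloud security products before it starts mining. From a defender's side, two signals follow directly from that description: the commands that stop, disable, kill or uninstall a watched agent, and the silence that follows once the agent no longer reports in. The script below is an added example, not code from Unit 42, Palo Alto Networks or the article; the agent names, the exec-audit log format and the sample lines are all constructed for illustration and stand in for whatever agent a given environment actually runs.

```python
"""Flag log lines that look like attempts to stop or remove host security agents,
and report agents that have gone quiet. Added example with constructed input;
the agent names and the log line format are assumptions, not real products."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical agent service names a defender would keep on a watch list.
WATCHED_AGENTS = ("cloud-agent-hypothetical", "hids-example")

# Constructed exec-audit lines in a simple "timestamp host uid cmd" shape.
SAMPLE_LOG = """\
2019-01-25T10:00:01Z web01 uid=0 cmd='systemctl status cloud-agent-hypothetical'
2019-01-25T10:02:13Z web01 uid=0 cmd='systemctl stop cloud-agent-hypothetical'
2019-01-25T10:02:14Z web01 uid=0 cmd='systemctl disable cloud-agent-hypothetical'
2019-01-25T10:02:20Z web01 uid=0 cmd='pkill -9 -f hids-example'
2019-01-25T10:02:31Z web01 uid=0 cmd='/opt/hids-example/uninstall.sh --force'
2019-01-25T10:03:02Z web01 uid=0 cmd='/tmp/.x/minerd -o stratum+tcp://pool.invalid:3333'
2019-01-25T10:05:00Z web02 uid=1001 cmd='systemctl status hids-example'
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) uid=(?P<uid>\d+) cmd='(?P<cmd>[^']*)'$"
)

# Command shapes that stop, disable, kill or uninstall a service or process.
# A status query or a restart by the package manager is deliberately not matched.
TAMPER_RE = [
    re.compile(r"\bsystemctl\s+(stop|disable|mask)\b"),
    re.compile(r"\bservice\s+\S+\s+stop\b"),
    re.compile(r"\b(p?kill|killall)\b"),
    re.compile(r"\buninstall\b"),
    re.compile(r"\brm\s+-\S*r\S*\s+"),
]


@dataclass
class Alert:
    ts: str
    host: str
    agent: str
    cmd: str


def detect_agent_tampering(log_text, agents=WATCHED_AGENTS):
    """Return one Alert per line where a tamper-style command names a watched agent."""
    alerts = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # unparseable line; a real pipeline would count these too
        cmd = m.group("cmd")
        for agent in agents:
            if agent in cmd and any(p.search(cmd) for p in TAMPER_RE):
                alerts.append(Alert(m.group("ts"), m.group("host"), agent, cmd))
                break
    return alerts


# Constructed heartbeat table: (host, agent) -> last time the agent reported in.
NOW = datetime(2019, 1, 25, 10, 15, tzinfo=timezone.utc)
SAMPLE_HEARTBEATS = {
    ("web01", "cloud-agent-hypothetical"): NOW - timedelta(minutes=13),
    ("web02", "cloud-agent-hypothetical"): NOW - timedelta(minutes=2),
}


def stale_agents(last_seen, now, max_gap=timedelta(minutes=10)):
    """Return (host, agent) pairs whose last heartbeat is older than max_gap.

    A stopped agent stops reporting, so silence is itself a signal and does
    not depend on catching the command that stopped it."""
    return sorted(key for key, ts in last_seen.items() if now - ts > max_gap)


if __name__ == "__main__":
    for a in detect_agent_tampering(SAMPLE_LOG):
        print(f"{a.ts} {a.host}: tamper attempt on {a.agent}: {a.cmd}")
    for host, agent in stale_agents(SAMPLE_HEARTBEATS, NOW):
        print(f"{host}: no heartbeat from {agent} in over 10 minutes")
```

The two checks are complementary. The command match fires on the host at the moment of tampering but depends on the audit source still being alive; the heartbeat check runs outside the host, so it still works when local logging was the next thing switched off. On the constructed input the first check flags the four stop, disable, kill and uninstall lines and ignores the status queries, and the second flags web01, whose agent has been silent for 13 minutes.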