"Crypto-Mining Worm Steal AWS Credentials"

Security researchers have discovered cryptocurrency mining malware capable of stealing AWS credentials from infected servers. The malware was observed being used by TeamTNT, a cybercrime group that targets Docker installations. According to researchers, TeamTNT has been active since April. TeamTNT scans the internet for misconfigured Docker systems that have their management API exposed without a password. After gaining access to the API, they deploy servers inside the Docker installation that would run Distributed Denial-of-Service (DDoS) and cryptocurrency mining malware. The researchers have now discovered that the cybercrime group is now targeting Kubernetes installations as well. This article continues to discuss the history and expanded operations of the TeamTNT gang. 

ZDNet reports "Crypto-Mining Worm Steal AWS Credentials"