"New PyLoose Linux Malware Mines Crypto Directly From Memory"

PyLoose, a new fileless malware, has been targeting cloud workloads to use their computational resources to mine Monero cryptocurrency. PyLoose is a Python script that carries a precompiled, base64-encoded XMRig miner, an open source tool, abused by attackers, that uses CPU power to solve the complex algorithms required for cryptocurrency mining. According to Wiz researchers, PyLoose's direct execution from memory makes it stealthy and difficult for security tools to detect. Malware that does not leave a physical footprint on the system's drives is less vulnerable to signature-based detection and typically injects malicious code into legitimate processes using legitimate system tools, an approach known as Living-off-the-Land (LotL). Wiz's security researchers first detected PyLoose attacks in the wild in June 2023. Since then, at least 200 cases of compromise by the new malware have been confirmed. This article continues to discuss the new fileless PyLoose malware.

Bleeping Computer reports "New PyLoose Linux Malware Mines Crypto Directly From Memory"

Submitted by Anonymous on