The frequent targeting of cloud and container environments is clearly indicative of a vast attack surface for cybercriminals. Recently, Cado Security researchers have revealed the first-ever crypto-mining worm dubbed ‘TeamTNT’ containing Amazon Web Services’ specific functionality.
Active since April 2020, TeamTNT has recently updated its mode of operation in mid-August.
TeamTNT has added a new data-stealing feature that allows the attackers to scan and steal AWS credentials smoothly. It is the first botnet malware that is used to scan and steal AWS credentials.
The worm steals local credentials and scans the internet for detecting misconfigured Docker systems.
Source: Cyware