Google Cloud can now detect cryptomining malware planted in virtual machines


To keep its virtual machines (VMs) safe from cryptominers, Google has launched a new platform aimed at stopping malware for good.

The new Virtual Machine Threat Detection (VMTD) tool is available for Google Cloud’s Security Command Center Premium customers, and will work without additional software, meaning there won’t be any significant impact on the performance of the virtual machines, or operational burden for agent deployment and management.

As a result, there is less attack surface: instead of using an agent, the service adds “nearly universal and hard-to-tamper-with threat detection” to the hypervisor.

Mining anonymous cryptos 

Cryptominers are a unique type of malware which, instead of trying to destroy the machine, steal sensitive data, or assimilate the device into a botnet, take advantage of the computing power to generate cryptocurrencies for the attacker.

Some blockchain networks operate on a mechanism called Proof of Work, in which computers that make up the network do heavy computing, and are rewarded in the network’s token. The process is also known as mining. 

The devices that “mine” cryptocurrencies are usually incapable of doing anything else, as mining takes up most of the devices’ compute power. 

Some malicious actors started distributing cryptomining malware which forces the victim’s device into mining, and sends all the earnings to the attackers. Usually, cryptominers mine the Monero token, as it’s believed to be a hard one to trace.

Besides rendering the computer almost useless, there is an extra risk with cryptominers on virtual machines – compute cost. 

An earlier report from Google Cloud (published late last year) claims that almost nine in ten (86%) of the machines on the public cloud that are infected with malware carry cryptominers.
