Cryptojackers Turn Against Each Other

Most people probably picture cyber warfare as a battle between bad hacker groups and good cybersecurity firms. But what happens when two hacker groups groups declare war on each other?

There is a new cyber war being waged between cryptojacking groups on Linux cloud servers all over the world.

Cryptojacking: A Booming Industry

While there are currently no reliable estimates of the size of cryptojacking in terms of revenue, cybersecurity firms have offered recent analyses that help to put the threat in some context.

Two major cybersecurity firms noted a cryptojacking penetration rate of more than 20% of their corporate customers in 2018, up from around 10% in 2017. The 2018 McAfee Labs Threats Report found more than 2.9 million samples of cryptomining malware in the first quarter of 2018 alone, over 600% more than the previous year.

Cyber criminals have realized that cryptojacking is a lucrative way of exploiting their illicit access to computing devices.

A New Escalation: Linux Cloud Servers  

In a demonstration of how sophisticated and dangerous these cryptojacking gangs have become, they have begun attacking each other’s malware on infected Linux cloud servers as reported by Techradar.

Intezer, a cybersecurity firm, has recently detected a new form of cryptomining malware deployed by the Pacha Group named Linux.GreedyAntd, that incorporates a number of methods for detecting and disabling similar malware deployed by a rival cryptojacking organization known as the Rocke Group.

The malware employed by these groups is already highly advanced and sophisticated, designed to exploit unique vulnerabilities in Linux cloud servers and specifically disable their systems for threat detection and elimination. The Pacha Group’s most recent escalation of their malware is the inclusion of a list of blocked IP addresses associated with the Rocke Group that redirects their previously injected malware to operate for the benefit of the Pacha Group.

The fact that these groups are augmenting their cryptojacking malware to detect, eliminate, or even redirect the malware of their rivals with targeted ‘kill-lists’ is a serious escalation in cyber warfare, and an important one for authorities to monitor.