Cybersecurity researchers from SafeBreach have revealed the first fully undetectable cloud-based cryptocurrency miner, which uses Microsoft Azure Automation without incurring charges.

The study aimed to identify the "ultimate crypto miner," one that offers unlimited computational resources with minimal maintenance, cost, and detection risk.

SafeBreach discovered three methods for running the miner, with one capable of execution in a victim's environment without raising alarms.

One method exploited a bug in the Azure pricing calculator, enabling the execution of an unlimited number of jobs at no cost within the attacker's environment.

Microsoft has since addressed this issue.

Another method involved creating a test job for mining, marking it as "Failed," and then initiating another dummy test job, effectively concealing code execution within the Azure environment.

Threat actors could leverage these methods, establishing a reverse shell to achieve their goals.

Additionally, the researchers found that code execution was possible through the Azure Automation feature that allows users to upload custom Python packages.

Microsoft responded, categorizing the behavior as "by design," indicating that the method remains exploitable without charges.

SafeBreach released a proof-of-concept called CloudMiner, showcasing the ability to harness free computing power within Azure Automation using the Python package upload mechanism.

The cybersecurity firm cautioned that these techniques could extend beyond cryptocurrency mining, posing a threat to any task requiring code execution on Azure.
