Rocke Group’s Cryptojacking Script Can Bypass Cloud Security

Reading Time: 2 minutes

Rocke Group is well known for developing XBash – a crypto mining malware script that can disable security monitoring tools. In a rather scary twist, thanks to its latest upgrade, it can now deactivate and bypass numerous cloud security software solutions, such as Alibaba Cloud and Tencent Cloud. After deactivating these security solutions, the script will then take over the compromised machine and illegally mine Monero for the hackers.

Huge Danger for Linux Systems

Rocke’s XBash takes advantage of a well-known backdoor in the Linux OS, leaving any systems running Linux based machines and servers at risk of attack. The script targets a security flaw whereby a backdoor can be downloaded to the system, which allows XBash to install itself and disarm any security solutions. It then installs its crypto mining script and takes over the device. On top of removing any security software, Rocke’s script can also deactivate and remove any other crypto mining malware that could be already installed on the machine – a deadly malware parasite.

Cryptojacking Topping the Charts

There is no doubt that cryptojacking is becoming a real issue around the globe, with cryptojacking attacks becoming more numerous in some countries than any other form of malware attack. Due to low-tech infrastructures in certain developing countries, hackers can easily target low-end machinery with lax security to install cryptojacking scripts. In fact, these scripts are so common, the top three most wanted malware scripts of December 2018 were all related to cryptojacking.

Routers are the Main Target

Hackers using cryptojacking scripts are mainly targeting routers, largely due to the relative amount of knowledge needed to protect them. It can be daunting to update and secure a router, so many people’s home routers are vulnerable. More than 30,000 routers in India were hit within a matter of hours, with a further 200,000 routers hit in Brazil only a few weeks earlier. Keeping a router updated with the latest security patches only takes a few seconds and it’s actually really easy to do.

Safety is Paramount

Remaining safe might seem like an impossible task, but it’s not. For starters, never download anything from the internet when you can’t authenticate the original source. This means don’t download anything from Slack or Telegram unless it’s a work group, and certainly be dubious of using torrents. On top of this, keep all your software up to date – including on your router. Due to the fact we are lovely people here at FullyCrypto, we have put together a guide to help protect yourself from cryptojacking – it’s well worth a read to keep yourself safe.
Cryptojacking is a worrying phenomenon and its presence is growing around the world. Web servers are being infected with ease and so too are home networks. It appears as if the script developers are always one step ahead of security teams, making it hard work to put an end to this digital epidemic once and for all.