AT&T’s Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems – and which is turning target devices into cryptocurrency miners.
Described by Alien Labs researcher Ofer Caspi as “one of the most active threat groups since 2020,” TeamTNT is known for its use – and, indeed, abuse – of open-source security tools for everything from finding vulnerable targets to dropping remote-control shells.
In June this year Palo Alto Networks’ Unit 42 discovered a software repository dubbed Chimaera, which it said “highlights the expanding scope of TeamTNT operations within cloud environments as well as a target set for current and future operations.”
Read more…
Source: The Register