Subj : Undetectable cryptomining technique found lurking on Microsoft Az To : All From : TechnologyDaily Date : Thu Nov 09 2023 18:15:05 Undetectable cryptomining technique found lurking on Microsoft Azure Automation Date: Thu, 09 Nov 2023 18:07:27 +0000 Description: It was all part of a test in a controlled environment, and the cryptominer wasn't even the worst part. FULL STORY ====================================================================== Someone found a loophole in Azure that allowed them to create free money and never get busted, but instead of using it - they reported it to Microsoft and had it fixed. That someone is a team of researchers from the SafeBreach cybersecurity company, who, as an experiment, set out to see if they could build the perfect crypto miner: one that uses other peoples resources (for example cloud computing power, internet, electricity), needs virtually no management, doesnt cost a dime, and is basically impossible to detect. They found the way using Azure Automation, Microsofts service through which Azure users can automate creating, deploying, monitoring, and maintaining their Azure resources. Malicious code execution The researchers found multiple ways to run the miner. The first one required their own environment, and while that should have charged them extra, a bug in the pricing calculator resulted in the miner running for a month for a whopping $0. SafeBreach reported this to Microsoft, who later fixed the problem. No more free money there. But then the researchers took it a step further, to see if a miner would possibly work in other peoples environments, and how. They created a test-job for mining and set its status as failed (even though it didnt). As only one test can run at the same time, setting the status as failed allowed them to create another test-job, effectively hiding code execution within the Azure environment. Also, they discovered they could run code by using an Automation feature that allows users to upload custom Python packages. "We could create a malicious package named 'pip' and upload it to the Automation Account," the researchers told The Hacker News . "The upload flow would replace the current pip in the Automation account. After our custom pip was saved in the Automation account, the service used it every time a package was uploaded." As a demonstration of their findings, SafeBreach created a proof-of-concept called CloudMiner, which abuses Azure Automation via the Python upload mechanism to gain free computing power. Microsoft apparently said this was a feature and not a bug, with the researchers adding that customers should proactively monitor every single resource and every single action being performed within their environment. While the test was to discover if a perfect crypto miner exists, the researchers seem to be more worried that someone might abuse Azure Automation for more nefarious purposes, the publication hints. After all, this enables code execution on Azure. More from TechRadar Pro Exposed AWS credentials stolen within minutes by Github hackers Here's our list of the best firewall for online protection today These are the best malware removal tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/undetectable-cryptomining-technique-fou nd-lurking-on-azure-automation --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .