New malware strain can evade and uninstall cloud security software, researchers warn

The good news: your organisation has finally gotten around to installing some top-of-the-range cloud security tools. The bad news: malware has been developed which can evade detection by them.

The malware, from threat actor Rocke, was discovered by Palo Alto Networks Unit 42, whose security researchers noted that it was ‘to the best of [their] knowledge the first malware family that developed the unique capability to target and remove cloud security products.’

The Rocke group was first spotted in August by Cisco’s threat intelligence group, Talos, which noted at the time that it was an actor which ‘must be followed as they continue to add new features to their malware and are actively exploring new attack vectors.’

The malware mines Monero cryptocurrency on compromised Linux machines – cryptojacking being cited by this publication in July as ‘on the way to replacing ransomware as the biggest threat for consumers and enterprises.’ Vulnerabilities are exploited in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion.
