CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin
Dog-eat-dog world for credential-stealing attackers
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware.
It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and Ray for credential theft and cryptomining.
The scripts “are heavily inspired” by the likes of other similar credential-stealing worms that have wreaked havoc across cloud environments and supply chains this year, “using code comments like ‘PCPJack-aligned,’” according to security researcher Michael R.
“CAI explicitly seeks out and kills TeamPCP and PCPJack processes, to further monopolize on compromised targets,” he posted on X.
TeamPCP is the malware-developing crew behind the mini Shai-Hulud, Miasma, and Canister worms that have been poisoning open source registriesand harvesting cloud access...
Copyright of this story solely belongs to theregister.com. To see the full text click HERE