CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin

https://image.theregister.com/5267881.jpg?imageId=5267881&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

Dog-eat-dog world for credential-stealing attackers

EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware.

It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and Ray for credential theft and cryptomining.

The scripts “are heavily inspired” by the likes of other similar credential-stealing worms that have wreaked havoc across cloud environments and supply chains this year, “using code comments like ‘PCPJack-aligned,’” according to security researcher Michael R.

“CAI explicitly seeks out and kills TeamPCP and PCPJack processes, to further monopolize on compromised targets,” he posted on X.

TeamPCP is the malware-developing crew behind the mini Shai-Hulud, Miasma, and Canister worms that have been poisoning open source registriesand harvesting cloud access...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more