Elastic has discovered AbyssWorker, a fileless malware designed to mine cryptocurrency in cloud-based and containerized Linux environments. It leverages shell scripts, LOLBins, and compromised tokens to install itself without leaving traces on disk. Its infrastructure bears similarities to known Chinese cybercriminal groups.
Expert Analysis:
AbyssWorker is not just a “basic” cryptojacker: it targets modern, poorly protected cloud environments using techniques worthy of an APT. Its fileless approach, persistence in ephemeral containers, and use of native system tools make it nearly invisible.
The threat is structural: as long as companies treat their Linux workloads as inherently safe, they will remain blind to these silent attacks. No agent? No alert. No telemetry? No response. And AbyssWorker keeps mining, both literally and strategically.
Read the full article here.