AbyssWorker: stealth cryptojacking targeting cloud and containers

Elastic has discovered AbyssWorker, a fileless malware designed to mine cryptocurrency in cloud-based and containerized Linux environments. It leverages shell scripts, LOLBins, and compromised tokens to install itself without leaving traces on disk. Its infrastructure bears similarities to known Chinese cybercriminal groups.

Expert Analysis:
AbyssWorker is not just a “basic” cryptojacker: it targets modern, poorly protected cloud environments using techniques worthy of an APT. Its fileless approach, persistence in ephemeral containers, and use of native system tools make it nearly invisible.

The threat is structural: as long as companies treat their Linux workloads as inherently safe, they will remain blind to these silent attacks. No agent? No alert. No telemetry? No response. And AbyssWorker keeps mining, both literally and strategically.

Read the full article here.

Stay informed with us!

You can subscribe to our monthly cybersecurity newsletter to receive updates about us and the industry

Blog

Check the latest updates on threats, stories, events and analysis.

ZENDATA Expands to Asia: Destination Singapore!

  • News

When Convenience Trumps Protocols: How Signal Became the Pentagon’s Accidental Messenger App – Le Temps

  • Article

Podcast: Isabelle Meyer, Cybersecurity, AI, and the Future of Digital Protection

  • Interview, Video

More posts

Were you a victim of hackers? Have you experienced a data breach? Call us or write to us.
We know what to do.

+ 41 22 588 65 90 (24/7 hotline)
emergency@zendata.security

While we’re processing your request, there are some things you can do to prevent a disaster.

SELF-HELP GUIDE

Since 2011, we have been supporting businesses, governments, and educational organizations. We’ve partnered with international organisations and law enforcement to provide you with the fastest and most efficient threat response.

Stay up to date with the latest threats, stories, events and analysis, sign up for our monthly cybersecurity newsletter.

Offices

Geneva

Rte de Frontenex, 62Bis,

1207, Geneva

Switzerland

Bahrain

Office 1201,

Almoayyed TowerAI, Seef,

Bahrain

Abu Dhabi

Office 603, Centro Capital Center,

Abu Dhabi Exhibition Center,

Khaleej Al Arabi St, Abu Dhabi,

UAE

 

Dubai

Building Montana,

D84 Zaa’beel Street, Dubai,

UAE

Legal

Privacy Policy

Social Media

Downloads

Emergency self-help guide

DEFCON: Switzerland

© Copyright ZENDATA CYBERSECURITY