Undetectable cryptomining technique found lurking on Microsoft Azure Automation
Someone found a loophole in Azure that allowed them to create free money and never get busted, but instead of using it – they reported it to Microsoft and had it fixed.
That someone is a team of researchers from the SafeBreach cybersecurity company, who, as an experiment, set out to see if they could build the perfect crypto miner: one that uses other people’s resources (for example cloud computing power, internet, electricity), needs virtually no management, doesn’t cost a dime, and is basically impossible to detect.
They found the way using Azure Automation, Microsoft’s service through which Azure users can automate creating, deploying, monitoring, and maintaining their Azure resources.
Malicious code execution
The researchers found multiple ways to run the miner. The first one required their own environment, and while that should have charged them extra, a bug in the pricing calculator resulted in the miner running for a month for a whopping $0. SafeBreach reported this to Microsoft, who later fixed the problem. No more free money there.
But then the researchers took it a step further, to see if a miner would possibly work in other people’s environments, and how.
They created a test-job for mining and set its status as “failed” (even though it didn’t). As only one test can run at the same time, setting the status as “failed” allowed them to create another test-job, effectively hiding code execution within the Azure environment.
Also, they discovered they could run code by using an Automation feature that allows users to upload custom Python packages. “We could create a malicious package named ‘pip’ and upload it to the Automation Account,” the researchers told The Hacker News. “The upload flow would replace the current pip in the Automation account. After our custom pip was saved in the Automation account, the service used it every time a package was uploaded.”
As a demonstration of their findings, SafeBreach created a proof-of-concept called CloudMiner, which abuses Azure Automation via the Python upload mechanism to gain free computing power. Microsoft apparently said this was a feature and not a bug, with the researchers adding that customers should “proactively monitor every single resource and every single action being performed within their environment”.
While the test was to discover if a “perfect” crypto miner exists, the researchers seem to be more worried that someone might abuse Azure Automation for more nefarious purposes, the publication hints. After all, this enables code execution on Azure.
More from TechRadar Pro
Someone found a loophole in Azure that allowed them to create free money and never get busted, but instead of using it – they reported it to Microsoft and had it fixed. That someone is a team of researchers from the SafeBreach cybersecurity company, who, as an experiment, set out…
Recent Posts
- Google is giving Android users hands-free navigation and a way to talk with emojis
- Quordle today – hints and answers for Friday, May 17 (game #844)
- NYT Strands today — hints, answers and spangram for Friday, May 17 (game #75)
- iMessage is having some issues today
- Google’s Gemini AI plan for schools promises extra data protection and privacy
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011