A malware group known as Rocke specializes in infecting servers with cryptocurrency mining software. Researchers from Palo Alto Networks have analyzed recent samples of Rocke’s Linux shell scripts. The group has been active since at least April 2018 and is known for exploiting critical vulnerabilities in web application frameworks and servers such as Apache Struts, Oracle WebLogic and Adobe ColdFusion. Before deploying the coinminer, the malicious script searches for five different cloud security protection and monitoring products and uninstalls them from servers. This highlights a new challenge for products in the cloud workload protection platforms market.
Source: https://www.csoonline.com/article/3333921/rocke-coinminer-disables-cloud-protection-agents.html

