We’ve previously written about cryptojacking scenarios involving Linux machines and specific cloud computing instances being targeted by threat actors active in this space such as TeamTNT. We found that the routines and chain of events were fairly similar even if it involved different threat actors: the initial phase saw attackers trying to kill off competing malware, security products, and other cloud middleware. This was followed by routines for persistence and payload execution, which in most cases is a Monero (XMR) cryptocurrency miner. For more sophisticated threats, we also observed capabilities that allowed it to spread to more devices. In November 2022, we intercepted a threat that had a slightly different routine and incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool (Trojan.Linux.CHAOSRAT), which is based on an open source project. Note that the original flow involving the termination of competing malware such as Kinsing and the killing of resources that influence cryptocurrency mining performance remained unchanged.
Full report : Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT.
Read More: news.google.com
Shadow Token 
Euler 
Kujira 
Alien Worlds 
Metadium 
Access Protocol 
Peapods Finance 
Portal 
OMG Network 
Aergo 
ArbDoge AI 
Hoppy 
Bertram The Pomeranian 
Heroes of Mavia 
YES Money 
Ethernity Chain 
BUSD 
REI Network 
Project89 
Automata 
Gearbox 
DIMO 
Perpetual Protocol 
Onyxcoin 
Sanctum Infinity 
Orchid Protocol 
Opus 
crvUSD 
Gemini Dollar 
Dione 
USDX 
tokenbot 
Keyboard Cat (Base) 
WATCoin 
INSURANCE 
Matr1x Fire 
Magpie 
Liquity USD 
OmniFlix Network 
Manta mETH 
Mainframe 
Bluzelle 
Save 
Vector Smart Gas 
Reef 
TANUKI•WISDOM (Runes) 
Loom Network (OLD) 
Contentos 
LimeWire 
GOGGLES