November 8, 2023.
Cybersecurity researchers at SafeBreach have revealed the development of the first fully undetectable cloud-based cryptocurrency miner using the Microsoft Azure Automation service. The miner, discovered through three different methods, can execute in a victim’s environment without raising suspicion. Leveraging a bug in the Azure pricing calculator, the miner can run an infinite number of jobs without incurring charges. Microsoft has addressed this issue, but alternative methods, such as setting a test-job as “Failed” to hide code execution, or uploading a custom Python package named ‘pip’, remain exploitable. SafeBreach warns that threat actors could repurpose these techniques beyond crypto mining, and emphasizes the need for organizations to proactively monitor their Azure environments and learn how to detect resources that are designed to evade detection.
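As a starting point for the monitoring recommended above, the following added example (not code from SafeBreach or Microsoft) reviews exported Azure Activity Log records for the two behaviours named in the summary: a Python package called ‘pip’ uploaded to an Automation account, and runbook test jobs regardless of their reported status. The flat record layout, the operation-name strings and all sample records are assumptions constructed for illustration; confirm the field names and operation names against your own log export.

```python
# Constructed, simplified Activity Log records (not real tenant data).
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
        "/providers/Microsoft.Automation/automationAccounts/aa-demo")
SAMPLE_EVENTS = [
    {"operationName": "Microsoft.Automation/automationAccounts/python3Packages/write",
     "resourceId": BASE + "/python3Packages/pip",
     "caller": "user-a@example.com", "status": "Succeeded"},
    {"operationName": "Microsoft.Automation/automationAccounts/python3Packages/write",
     "resourceId": BASE + "/python3Packages/requests",
     "caller": "user-b@example.com", "status": "Succeeded"},
    {"operationName": "Microsoft.Automation/automationAccounts/runbooks/draft/testJob/write",
     "resourceId": BASE + "/runbooks/rb-demo/draft/testJob",
     "caller": "user-a@example.com", "status": "Failed"},
    {"operationName": "Microsoft.Storage/storageAccounts/write",
     "resourceId": "/subscriptions/0000/resourceGroups/rg-demo/providers"
                   "/Microsoft.Storage/storageAccounts/sademo",
     "caller": "user-c@example.com", "status": "Succeeded"},
]

# Assumed operation and resource-path names; matched case-insensitively.
PACKAGE_MARKERS = ("/python2packages/", "/python3packages/")
TEST_JOB_OP = "microsoft.automation/automationaccounts/runbooks/draft/testjob/write"


def review_events(events):
    """Return (finding, caller, resourceId) tuples for events worth a manual look."""
    findings = []
    for ev in events:
        op = ev.get("operationName", "").lower()
        rid = ev.get("resourceId", "")
        if not op.startswith("microsoft.automation/"):
            continue
        # A custom package named 'pip' is one of the techniques in the summary.
        for marker in PACKAGE_MARKERS:
            if marker in rid.lower() and op.endswith("packages/write"):
                name = rid.lower().split(marker, 1)[1].split("/", 1)[0]
                if name == "pip":
                    findings.append(("package-named-pip", ev.get("caller"), rid))
        # Flag every test job: a "Failed" status does not mean no code ran.
        if op == TEST_JOB_OP:
            findings.append(("runbook-test-job", ev.get("caller"), rid))
    return findings


if __name__ == "__main__":
    for finding in review_events(SAMPLE_EVENTS):
        print(finding)
```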