There is a new malware out there to watch out for. Dubbed the Rocke Malware, this form of cryptojacking has the ability to disable cloud security software so as to illicitly mine for Monero (XMR) undetected.
Rocke Malware Discovered
Cybersecurity firm Palo Alto Networks is the team behind the worrying discovery. It published a report yesterday saying that the hacking group goes by the name Rocke Group and is targeting public cloud systems.
If downloaded, the malware takes administrative control, uninstalls cloud security products and then installs code that mines Monero cryptocurrency.
It’s exceedingly clever; the malware follows the procedure documented in the service provider’s user manual for uninstalling the Cloud Host Security product. Because the agent is removed through the vendor’s own supported steps, the removal doesn’t arouse suspicion and goes undetected.
What is Rocke Malware?
The software has the ability to uninstall five different cloud security products on Linux servers. These products come from the major Chinese cloud providers Alibaba and Tencent, and the malware appears to target them selectively.
To mine Monero without detection, the Rocke Malware exploits vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion applications, and then downloads a shell script named a7.
Rocke can also kill off any rival hackers trying to infiltrate the same system. When it first arrives on a host, it avoids detection because it initially performs no obviously malicious actions.