Denonia, a new crypto malware, infects AWS Lambda

New malware “Denonia” targets serverless AWS Lambda with crypto-miners

Our Cado security researchers recently detect a vicious malware named “Denonia” which is mainly designed to attack Serverless Computing – AWS Lambda – Amazon Web Services with crypto miners.

As we all know that AWS Lambda Amazon Web Services is a serverless computing platform that is mainly designed to run a hundred codes for AWS service and SaaS (software as a service) applications without managing any type of servers.


We already mentioned these nasty Denonia threats the researchers of Cado security Service have found this malware. They also revealed about this malicious malware is being used here in limited attacks. It is a completely Go-based wrapper specially designed for deploying custom XMRIG crypto miners for the Monero cryptocurrency.

For your information, it states that a 64-bit ELF executable targeting x86-64 systems was uploaded to the VirusTotal website in the current month of February. Not only this, but he had also discovered a second specimen one month before that in the month of January, which was waiting for many more attacks to come.

The Cado researcher also pointed out that this model is fairly intuitive because it works through crypto mining software to understand how attackers are currently using or misusing advanced cloud-specific knowledge to exploit complex cloud infrastructures. It is indeed a matter of great concern because it also points toward other attacks in the future.

All Possibly deployed using stolen keys about Denonia 

no doubt that the Cado Security Researcher did a really commendable job, but they missed an idea of how the evil group of attackers would use their malicious malware and how they would execute their malware.

It cannot be denied at all that the thinking of hackers is always four steps ahead of us, they are always looking for different ways that how they can earn more income than ever. They are not bothered about how much trouble the people are facing, the common people do not know how much trouble they are facing.

But even our few types of research did not work for anyone, they had guessed that the cyber hackers had finally used the possibility of stealing or leaking AWS Access and Secret key, a strategy previously used to distribute bash scripts which are completely designed to download or run the miner in the infected device. This caused a fee of $45,000 after the miner was active for a few weeks.

You can also Read

  1. New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
  2. FFDroider malware steals Social media accounts
  3. Borat RAT – cultural learnings or serious malware?
  4. Virus – What is Computer Virus?
  5. STOP/DJVU Ransomware Virus Removal (2022 Guide)

About the author

Christopher Edwards

Hey This is Chris, I am a Malware researcher and security analyst. I love to find out about new threats and viruses and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask for any virus related problem in comment section or through our contact page.