Money Libra

Malware Profile Updated a month ago
Download STIX
Preview STIX
Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances, with the main goal of deploying cryptominers. The threat actor group behind Money Libra uses sophisticated techniques to exploit vulnerabilities and infiltrate systems, often without the user's knowledge. Once inside, it can disrupt operations, steal sensitive information, or even hold data for ransom. The infection vector for Money Libra was notably different from other cryptojacking-focused worms. It exploited the Redis through CVE-2022-0543, a method not commonly used by other worms targeting Redis instances, such as those created by Adept Libra (aka TeamTnT), Thief Libra (aka WatchDog), Automated Libra (aka PurpleUrchin), Aged Libra (aka Rocke), and Returned Libra (aka 8220). Despite similarities in their target systems and worm-like operations, there are no known links between these groups and Money Libra. In October, the Looney Tunables flaw was disclosed, which Money Libra subsequently leveraged to target cloud environments with malware attacks. This demonstrates the group's adaptability and quick response to newly discovered vulnerabilities, making it a significant threat to cloud-based systems. Overall, Money Libra represents an evolving cybersecurity risk that requires ongoing vigilance and robust defensive measures.
What's your take? (Question 1 of 1)
f8ed4f92-96d0-4755-8bbe-85bc3dc64196 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Kinsing
3
Kinsing is a type of malware, malicious software designed to exploit and damage computer systems. It operates by infiltrating systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once embedded within a system, Kinsing can steal personal information, disrupt
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Redis
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Money Libra Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
7 months ago
Looney Tunables bug exploited for cryptojacking - Help Net Security
CERT-EU
7 months ago
Looney Tunables bug exploited for cryptojacking
Unit42
10 months ago
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
BankInfoSecurity
6 months ago
CISA Urges Patching as Hackers Exploit 'Looney Tunables' Bug