Money Libra

Malware updated 7 months ago (2024-05-04T18:37:09.037Z)

Download STIX

Preview STIX

Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances, with the main goal of deploying cryptominers. The threat actor group behind Money Libra uses sophisticated techniques to exploit vulnerabilities and infiltrate systems, often without the user's knowledge. Once inside, it can disrupt operations, steal sensitive information, or even hold data for ransom. The infection vector for Money Libra was notably different from other cryptojacking-focused worms. It exploited the Redis through CVE-2022-0543, a method not commonly used by other worms targeting Redis instances, such as those created by Adept Libra (aka TeamTnT), Thief Libra (aka WatchDog), Automated Libra (aka PurpleUrchin), Aged Libra (aka Rocke), and Returned Libra (aka 8220). Despite similarities in their target systems and worm-like operations, there are no known links between these groups and Money Libra. In October, the Looney Tunables flaw was disclosed, which Money Libra subsequently leveraged to target cloud environments with malware attacks. This demonstrates the group's adaptability and quick response to newly discovered vulnerabilities, making it a significant threat to cloud-based systems. Overall, Money Libra represents an evolving cybersecurity risk that requires ongoing vigilance and robust defensive measures.

Description last updated: 2023-12-20T14:52:55.158Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Kinsing is a possible alias for Money Libra. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Redis

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Money Libra Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	a year ago	P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
BankInfoSecurity	a year ago	CISA Urges Patching as Hackers Exploit 'Looney Tunables' Bug
CERT-EU	a year ago	Looney Tunables bug exploited for cryptojacking
CERT-EU	a year ago	Looney Tunables bug exploited for cryptojacking - Help Net Security