Money Libra

Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances, with the main goal of deploying cryptominers. The threat actor group behind Money Libra uses sophisticated techniques to exploit vulnerabilities and infiltrate systems, often without the user's knowledge. Once inside, it can disrupt operations, steal sensitive information, or even hold data for ransom. The infection vector for Money Libra was notably different from other cryptojacking-focused worms. It exploited the Redis through CVE-2022-0543, a method not commonly used by other worms targeting Redis instances, such as those created by Adept Libra (aka TeamTnT), Thief Libra (aka WatchDog), Automated Libra (aka PurpleUrchin), Aged Libra (aka Rocke), and Returned Libra (aka 8220). Despite similarities in their target systems and worm-like operations, there are no known links between these groups and Money Libra. In October, the Looney Tunables flaw was disclosed, which Money Libra subsequently leveraged to target cloud environments with malware attacks. This demonstrates the group's adaptability and quick response to newly discovered vulnerabilities, making it a significant threat to cloud-based systems. Overall, Money Libra represents an evolving cybersecurity risk that requires ongoing vigilance and robust defensive measures.