The Cracking Tale of AMBERSQUID: Cryptojacking the Uncommon AWS

Slip on your digital gloves folks, because it seems there’s a new player in town. Codenamed AMBERSQUID, this novel cloud-native cryptojacker has a taste for the rare. It’s been setting its sights on some prime cuts of Amazon Web Services (AWS) offerings, focusing on the elusive AWS Amplify, AWS Fargate, and—hold onto your processors—Amazon SageMaker, for some good, old-fashioned illicit cryptocurrency mining. Talk about casting a wide…cloud! (Sorry, couldn’t resist).

Who’s That Knocking at My Virtual Door?

So, who sprung this digital varmint on us? Well, hats off to the cyber cowboys at Sysdig. If you’re not familiar with them, they’re a cloud and container security rodeo outfit who ride herd on these types of shenanigans. Kudos to them for spotting this cattle rustler in the vast open plain of the cloud. So in their honor, I propose a moment of silence…followed by a dad joke: Why don’t security folks trust the cloud? Because it has shady areas!

Smooth Operator

The real kicker though, and the part that would have us all tipping our virtual hats if we weren’t so rightfully annoyed, is that AMBERSQUID turned out to be quite the smooth operator. This maverick managed to exploit all these services without triggering the AWS security alarms. It’s like they danced right through AWS’s laser grid, without breaking a single beam…or dropping any popcorn on the floor (because according to all heist movies, that’s apparently a thing). Who knew cyber crime could be so…graceful?