Researchers from Sysdig are warning of an ongoing attack campaign against vulnerable GitLab servers that results in deployment of cryptojacking and proxyjacking malware. The attacks use cross-platform malware, kernel rootkits, and multiple layers of obfuscation and try to evade detection by abusing legitimate services.
“This operation was much more sophisticated than many of the attacks the Sysdig TRT typically observes,” researchers from security firm Sysdig said in a new report. “Many attackers do not bother with stealth at all, but this attacker took special care when crafting their operation. The stealthy and evasive techniques and tools used in this operation make defense and detection more challenging.”
