Siloscape is a newly identified piece of malware that targets Windows Server containers. Security researchers at Palo Alto Networks warn that Siloscape can execute code on the underlying node and from there spread through the Kubernetes cluster.
Siloscape was built to plant a backdoor in a Kubernetes cluster; through that backdoor the attackers can compromise containers and carry out malicious activity. Palo Alto Networks researcher Daniel Prizmant stated that Siloscape has claimed 23 victims, but that the malware is part of a larger campaign than that number suggests: once the researchers gained access to the malware's command-and-control server, they found it was hosting 313 users.
Prizmant added that the malware can put a compromised Kubernetes cluster to use for cryptojacking and can exfiltrate sensitive data from the many applications running in such clusters.
An attack typically begins when the malware operators exploit a vulnerability to gain remote code execution inside a Windows container, then run Siloscape there. The malware next escapes the container and checks whether the host is able to create new Kubernetes deployments.
To escape the container, the malware impersonates CExecSvc.exe and then creates a symbolic link for its containerized filesystem. Its main aim is to remain stealthy and avoid detection inside the compromised environment. To defend against Siloscape, administrators are advised to secure their cloud environments.
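The capability Siloscape probes for, whether the compromised node's identity can create Kubernetes deployments, is one an administrator can verify is not granted needlessly. The following is an added example, not code from the article or from Palo Alto Networks: it evaluates a constructed set of RBAC roles and bindings the way `kubectl auth can-i` would, so that over-privileged service accounts stand out; the role and account names are constructed.

```python
"""Evaluate constructed Kubernetes RBAC rules to list the subjects that can
create Deployments, the privilege Siloscape checks for after a container
escape. Added example; all role/binding data below is constructed."""

# Constructed ClusterRole/Role rules, in the shape of the `rules:` list
# found in RBAC manifests (apiGroups / resources / verbs).
ROLES = {
    "cluster-admin": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
    "pod-reader": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"],
         "verbs": ["get", "list", "watch"]},
    ],
    "deployer": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["create", "update"]},
    ],
}

# Constructed bindings: "namespace:serviceaccount" -> roles granted to it.
BINDINGS = {
    "kube-system:default": ["pod-reader"],
    "ci:builder": ["deployer"],
    "default:admin-sa": ["cluster-admin"],
}


def _matches(allowed, wanted):
    """Simplified RBAC list matching: '*' grants everything, else exact match."""
    return "*" in allowed or wanted in allowed


def rule_allows(rule, api_group, resource, verb):
    """True when a single RBAC rule grants <verb> on <api_group>/<resource>."""
    return (_matches(rule["apiGroups"], api_group)
            and _matches(rule["resources"], resource)
            and _matches(rule["verbs"], verb))


def can_i(subject, verb, resource, api_group="", roles=ROLES, bindings=BINDINGS):
    """In-memory equivalent of `kubectl auth can-i <verb> <resource> --as=<subject>`."""
    for role in bindings.get(subject, []):
        if any(rule_allows(r, api_group, resource, verb) for r in roles.get(role, [])):
            return True
    return False


def subjects_that_can_create_deployments(roles=ROLES, bindings=BINDINGS):
    """Every bound subject able to create Deployments (apps group). A defender
    wants this list short and free of node and namespace-default accounts."""
    return sorted(s for s in bindings
                  if can_i(s, "create", "deployments", "apps", roles, bindings))


if __name__ == "__main__":
    print(subjects_that_can_create_deployments())  # ['ci:builder', 'default:admin-sa']
```

Against a live cluster the same question is answered by `kubectl auth can-i create deployments --as=system:serviceaccount:<ns>:<name>`; the in-memory evaluator is only for reasoning about exported manifests offline.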