
SCARLETEEL

First seen: 2023 • Status: active

SCARLETEEL is a new threat that attacks cloud systems to mine crypto while also stealing sensitive data and cloud secrets.

Overview

SCARLETEEL is a sophisticated cloud-native threat targeting AWS environments. It combines cryptomining with data theft and shows advanced cloud exploitation capabilities.

Also Known As

Scarlet Eel

How It Spreads

  • Kubernetes vulnerabilities
  • Container escape
  • AWS exploitation

What It Does

  • Cryptocurrency mining
  • AWS data theft
  • Lateral movement
  • Secret harvesting

Target Platforms

Linux, Kubernetes, AWS

Detection Tips

  • Monitor AWS CloudTrail
  • Check for container escape indicators
  • Analyze IAM role usage
  • Review S3 bucket access

MITRE ATT&CK Techniques

T1496, T1552, T1610, T1005

If You're Infected

  1. Investigate compromised containers
  2. Rotate AWS credentials
  3. Review IAM permissions
  4. Check for data exfiltration

Related Malware

TeamTNT, Kinsing
