Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances

Researchers from Cado Security revealed a new attack campaign, known as Qubitstrike, targeting Jupyter Notebook instances and deploying cryptojacking malware. The attackers purposely connect to unprotected Jupyter Notebook honeypots, gain system information, and manually execute commands. They use Discord for command and control, and steal AWS and Google Cloud credentials. After setting up the system for XMRig cryptocurrency mining, they scan and kill competing cryptominers and delete system logs. The malware is well-known in Linux circles, often being used to evade detection.