Lambda Malware, Denonia

Cado Security reports of Denonia, a new malware identified to target AWS Lambda malware deploying cryptominers. The Lambda components of the malware were observed during dynamic analysis, as when its execution failed, it prompted AWS Lambda environment variables. Despite targeting Lambda, Denonia can still run on some select Linux systems without issues. It's currently unknown how the Denonia is deployed, a potential explanation from Cado is "It may simply be a matter of compromising AWS Access and Secret Keys then manually deploying into compromised Lambda environments." The malware is written in Go language with GitHub libraries including AWS, lambda and dns over HTTPs. The malware also contains the XMRig cyptominer software. Denonia also uses DNS over HTTPs (DoH) which enables DNS queries to be encrypted over HTTPS.