SafeBreach Labs    , a cybersecurity firm , has developed an undetectable cloud-based cryptocurrency miner that operates within Microsoft Azure’s Automation service     . This breakthrough discovery allows the miner to  utilize Azure’s computational resources without incurring any costs.
The researchers at SafeBreach Labs achieved code execution by uploading custom Python packages and obtaining an access token. This token enabled them to make requests on behalf of the Automation Account’s assigned identity . They also discovered that code execution could be accomplished through the Powershell module upload flow . Microsoft has since fixed the flaw in the Azure pricing calculator that allowed for unlimited task execution without charges. However, they consider the behavior of the miner as “by design.”
SafeBreach warns that these techniques could be utilized for malicious purposes and advises organizations to proactively monitor their environment for any code execution indicative of such behavior. It is important to note that while the focus of the research is on cryptocurrency mining, the same techniques could be applied to any task requiring code execution on Azure  .
The discovery of an undetectable cloud-based cryptocurrency miner operating within Microsoft Azure’s Automation service raises concerns about potential misuse of Azure’s computational resources. While Microsoft has addressed the flaw that allowed for unlimited task execution without charges, the behavior of the miner is still considered “by design.” Organizations are advised to monitor their environment for any code execution indicative of malicious behavior. This discovery highlights the need for proactive measures to mitigate the risks associated with such techniques. Additionally, the implications extend beyond cryptocurrency mining , as these techniques can be applied to any task requiring code execution on Azure  .