It looks like it could be a binary intended to be snuck in with third party package dependencies and such that you might unintentionally execute within your lambda runtime. It's one thing doing mining at a slow trickle within the free tier of a single account, and another thing altogether when potentially millions of lambda functions in the wild are mining for you.But agreed, it's not necessarily functionally different from any other crypto-mining malware hidden in public repos, save for the focus on runtime. Presumably Lambda provides a standardized enough runtime for reliable execution.
No comments yet.