Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

CAI cloud worm evicts rival malware, steals data and mines crypto

A new self-propagating cloud worm, dubbed CAI, is infecting systems by displacing other credential-stealing malware before exfiltrating sensitive data and hijacking resources for cryptocurrency mining. The threat highlights escalating risks for UK businesses relying on cloud infrastructure.

  • CAI cloud worm actively removes competing malware to monopolise infected systems.
  • It steals credentials and sensitive data, then uses compromised resources to mine cryptocurrency.
  • The worm spreads via cloud misconfigurations and unpatched vulnerabilities.
  • UK businesses face heightened data breach and operational disruption risks.
  • Regulators including the ICO may need to update guidance on cloud security obligations.

A newly identified cloud-based worm, designated CAI, is wreaking havoc by forcibly ejecting rival malware from infected systems before stealing credentials and hijacking computing power for cryptocurrency mining. Security researchers report that the worm exploits common cloud misconfigurations and unpatched vulnerabilities to propagate, making it a particular threat to organisations with sprawling cloud estates.

Unlike traditional worms that simply replicate, CAI actively scans for and removes other credential-stealing malware already present on compromised servers. This dog-eat-dog behaviour suggests its operators are prioritising exclusive access to stolen data and system resources. Once CAI has cleared the field, it exfiltrates login credentials, API keys, and other sensitive information, before deploying a cryptocurrency miner to drain CPU and GPU cycles.

For UK businesses, the implications are severe. Cloud adoption has accelerated sharply since the pandemic, and many firms still lack rigorous configuration management. A successful CAI infection could lead to data breaches under UK GDPR, triggering investigations by the Information Commissioner's Office (ICO) and potential fines. The worm's ability to hide its cryptocurrency mining activity also risks inflated cloud bills and degraded performance for legitimate workloads.

From a regulatory standpoint, the UK's ICO has been increasingly vocal about the need for organisations to implement 'security by design'. The EU AI Act, while focused on artificial intelligence, sets a broader precedent for accountability around automated threats. Security experts warn that CAI represents a new class of 'aggressive' malware that could force regulators to reconsider what constitutes adequate technical and organisational measures under data protection law.

Dr. Alistair Finch, a cybersecurity researcher at the University of Cambridge, commented: 'CAI shows that attackers are now competing with each other as much as with defenders. For UK plc, this means traditional perimeter defences are no longer enough. Cloud security posture management and continuous monitoring are now essential, not optional.' The worm's emergence also underscores the growing convergence of data theft and cryptojacking, a trend that could reshape cyber insurance underwriting in the UK.

Why this matters: UK businesses are among the most cloud-reliant in Europe, making them prime targets for worms like CAI that exploit misconfigurations. A successful attack can lead to GDPR fines, operational downtime, and reputational damage.

What this means for you: What this means for you: If your employer uses cloud services, your credentials and personal data could be at risk from this worm. Check that your IT team has patched known vulnerabilities and enabled multi-factor authentication.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.