Google Cloud can now detect cryptomining malware planted in virtual machines

A white padlock on a dark digital background.
(Image credit:

To keep its virtual machines (VM) safe from cryptominers, Google has launched a new platform aimed at stopping malware for good.

The new Virtual Machine Threat Detection (VMTD) tool is available for Google Cloud’s Security Command Center Premium customers, and will work without additional software, meaning there won’t be any significant impact on the performance of the virtual machines, or operational burden for agent deployment and management.

As a result, there is less attack surface, and instead of using an agent, the threat detection adds “nearly universal and hard-to-tamper-with threat detection” to the hypervisor. 

Mining anonymous cryptos 

Cryptominers are a unique type of malware which, instead of trying to destroy the machine, steal sensitive data, or assimilate the device into a botnet, take advantage of the computing power to generate cryptocurrencies for the attacker.

Some blockchain networks operate on a mechanism called Proof of Work, in which computers that make up the network do heavy computing, and are rewarded in the network’s token. The process is also known as mining. 

The devices that “mine” cryptocurrencies are usually incapable of doing anything else, as mining takes up most of the devices’ compute power. 

Some malicious actors started distributing cryptomining malware which forces the victim’s device into mining, and sends all the earnings to the attackers. Usually, cryptominers mine the Monero token, as it’s believed to be a hard one to trace.

Besides rendering the computer almost useless, there is an extra risk with cryptominers on virtual machines - compute cost. 

An earlier report from Google Cloud (published late last year) claims that almost nine in ten (86%) of machines on the public cloud that are infected with malware, carry cryptominers.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.