TL;DR: A newer Gafgyt variant is moving from IoT toward Linux-based cloud native and AI environments, using weak SSH passwords, fileless execution, and cryptomining payloads to exploit exposed compute, according to Aqua Security. Runtime policy and runtime enforcement help contain the malware, but they do not remove the underlying access and exposure gaps that let it in.
At a glance
What this is: Aqua Security’s analysis of a Gafgyt variant that targets Linux-based cloud native and AI workloads through weak SSH credentials and fileless execution to deploy cryptomining payloads.
Why it matters: The same exposure patterns that affect cloud runtime security also affect identity governance for service access, secrets handling, and workload protection across NHI and AI infrastructure.
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Context
Gafgyt is a Linux-targeting malware family that has evolved from IoT botnet abuse into a cloud native and AI infrastructure threat. In this case, the access path is not sophisticated exploitation but weak SSH credentials, followed by fileless execution and cryptomining payload delivery.
For identity teams, the important issue is not just malware detection. Weak service access hygiene, exposed administrative entry points, and unmanaged workload credentials create the conditions that let low-complexity malware reach high-value compute.
The article’s core claim is that runtime defense helps stop the payload, but exposure control still determines whether the attack ever gets a foothold. That is a familiar pattern in NHI governance: the control failure sits upstream of execution.
Key questions
Q: How should security teams reduce risk from weak SSH access on Linux workloads?
A: Security teams should remove password-based SSH where possible, restrict administrative sources, and treat remote shell access as a privileged pathway. The goal is to reduce the chance that commodity malware can obtain a legitimate foothold before runtime controls ever engage. Access review should cover both human admins and any automation that can reach production hosts.
Q: Why do cloud native and AI workloads attract cryptomining malware?
A: They attract cryptomining malware because they offer high-value CPU and GPU capacity that can be monetised quickly. Attackers do not need to steal data if they can run mining payloads long enough to consume enterprise resources. That makes workload exposure, not just endpoint infection, the control problem teams need to solve.
Q: What do security teams get wrong about fileless malware in containers?
A: They often assume that no file on disk means no practical detection path. In reality, fileless malware still creates process, shell, and network behaviour that runtime tools can observe. The mistake is relying on static scanning alone when the threat is designed to operate in memory and evade disk-based signals.
Q: Who is accountable when workload access leads to cryptomining abuse?
A: Accountability usually sits with both the platform team that exposed the access path and the security team that failed to govern it as a privileged control. If SSH, service credentials, or remote administration rights can reach production compute, those paths need the same ownership discipline as any other privileged identity.
Technical breakdown
Weak SSH access as the entry point for cloud-native malware
Gafgyt historically spread through weak SSH passwords, and the newer variant still depends on that same entry condition. SSH is a remote administration protocol, so if passwords are weak or reused, attackers can obtain a legitimate shell rather than exploiting code-level vulnerabilities. That matters because once an interactive session exists, malware delivery becomes an execution problem instead of an authentication problem. In cloud native environments, this also intersects with workload sprawl, exposed admin endpoints, and inherited access paths that are rarely reviewed as tightly as user identities.
Practical implication: treat exposed SSH as an identity and access weakness, not just a network hardening issue.
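One way to check a host for the entry condition described above, as an added example that is not from Aqua Security or the original post: it parses the effective configuration printed by `sshd -T` and reports settings that leave password logins reachable. The function names and the sample output are constructed for illustration.

```python
"""Audit effective sshd settings (output of `sshd -T`) for password exposure."""

# Keyword -> values considered risky. `sshd -T` prints keywords in lowercase.
RISKY = {
    "passwordauthentication": {"yes"},
    "kbdinteractiveauthentication": {"yes"},      # newer OpenSSH name
    "challengeresponseauthentication": {"yes"},   # older alias
    "permitemptypasswords": {"yes"},
    "permitrootlogin": {"yes"},
}
# At least one of these should be set to limit who may log in at all.
ALLOW_LISTS = ("allowusers", "allowgroups")


def parse_effective(text):
    """Return {keyword: [values]} from `sshd -T` style 'keyword value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip().lower())
    return settings


def audit_sshd(text):
    """Return a sorted list of findings; an empty list means nothing flagged."""
    settings = parse_effective(text)
    findings = []
    for key, bad in RISKY.items():
        for value in settings.get(key, []):
            if value in bad:
                findings.append(f"{key} {value}")
    if not any(k in settings for k in ALLOW_LISTS):
        findings.append("no allowusers/allowgroups restriction")
    return sorted(findings)


# Constructed sample, not captured from a real host.
SAMPLE = """\
port 22
passwordauthentication yes
kbdinteractiveauthentication no
permitrootlogin yes
permitemptypasswords no
pubkeyauthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE):
        print("FINDING:", finding)
```

On a real host, feed it the output of `sshd -T` run as root, which reflects included files and defaults rather than only the lines written in `sshd_config`.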
Fileless execution and why it bypasses simple malware controls
Fileless execution means the payload runs in memory or through native system tools rather than dropping an obvious executable on disk. For defenders, that blurs the line between legitimate administration and malicious activity because the process may look like shell-driven operational work. Gafgyt’s use of this technique makes runtime visibility more important than static signature matching. The article’s emphasis on container runtime protection reflects that shift: detection has to observe behaviour, not just files, because the attack intentionally leaves fewer artifacts behind.
Practical implication: ensure runtime monitoring can flag suspicious process behaviour even when no malicious file is written.
Cryptomining on AI infrastructure changes the business impact
The payload here is not data theft but cryptomining, specifically XMRig. That changes the operational impact from confidentiality loss to resource theft, degraded performance, and cloud cost inflation. In AI environments, the attacker is targeting CPU and GPU capacity because those resources are expensive and scarce. This is a classic abuse pattern in cloud workloads: the attacker monetises compute while hiding inside otherwise ordinary system activity. Runtime blocking helps, but the upstream issue remains whether the environment allowed the initial foothold and subsequent execution at all.
Practical implication: monitor for compute misuse as part of security, FinOps, and workload governance together.
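The fileless-execution and cryptomining sections above both come down to observing live processes rather than files. As an added example (not Aqua Security's tooling and not part of the original post), the sketch below walks `/proc` and flags processes whose executable has no backing file on disk or whose command line looks like a miner. The function names and the hint strings are assumptions chosen for illustration.

```python
"""Flag processes that run without a backing file, or that look like miners."""
import os

# Command-line substrings typical of miner invocations (XMRig, stratum pools).
MINER_HINTS = ("xmrig", "stratum+tcp://", "stratum+ssl://")
# World-writable locations that are commonly tmpfs-backed.
VOLATILE_DIRS = ("/dev/shm/", "/tmp/")


def classify(exe_target, cmdline):
    """Return a list of reasons this process deserves a closer look."""
    reasons = []
    if exe_target.startswith("/memfd:"):
        reasons.append("exe is an anonymous memfd")
    elif exe_target.endswith(" (deleted)"):
        reasons.append("exe was deleted after launch")
    if exe_target.startswith(VOLATILE_DIRS):
        reasons.append("exe runs from a volatile directory")
    if any(hint in cmdline.lower() for hint in MINER_HINTS):
        reasons.append("miner-style command line")
    return reasons


def scan_proc(proc_root="/proc"):
    """Walk proc_root and return {pid: reasons} for suspicious processes."""
    hits = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe_target = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode("utf-8", "replace")
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        reasons = classify(exe_target, cmdline)
        if reasons:
            hits[int(entry)] = reasons
    return hits


if __name__ == "__main__":
    for pid, reasons in sorted(scan_proc().items()):
        print(pid, "; ".join(reasons))
```

A deleted executable also appears when a package upgrade replaces a binary that is still running, so treat hits as triage leads to correlate with CPU or GPU usage and login records, not as verdicts.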
Threat narrative
Attacker objective: The attacker wants to convert compromised compute into cryptomining infrastructure that generates profit while consuming enterprise resources.
- Entry occurs when attackers exploit weak SSH credentials on Linux-based systems and gain shell access to cloud native or AI workloads.
- Escalation follows through fileless execution, allowing the malware to run without dropping a conventional executable and making behaviour harder to spot.
- Impact is achieved when the variant installs XMRig to mine cryptocurrency, consuming CPU and GPU resources while degrading workload performance and increasing cloud cost.
Breaches seen in the wild
- MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
- Shai Hulud npm malware campaign — Shai Hulud campaign: npm malware exposed secrets on GitHub.
NHI Mgmt Group analysis
Cloud runtime security fails first at the identity boundary, not the malware boundary. The article shows a familiar pattern: weak SSH access opens the door, and only after that does runtime defense become relevant. That means the first governance failure is not the payload, but the permissive access posture that allowed a shell on a sensitive workload. Practitioners should read this as an identity exposure problem that later manifests as malware.
Exposure control is the missing concept here: workload access debt. Systems left reachable through weak SSH credentials create accumulated risk before any attack occurs. In practice, that debt compounds across Linux hosts, cloud native clusters, and AI infrastructure where access paths are often provisioned for convenience and left in place. The conclusion is straightforward: unmanaged reachability becomes a standing attack surface.
Runtime blocking matters, but only after the attack has already crossed the threshold of trust. Aqua’s focus on fileless execution and cryptomining detection reflects the right containment layer for this threat. Yet the broader lesson is that runtime protection is compensating for upstream exposure and privilege management failures. Teams should treat it as a last line of defense, not as a substitute for access governance.
AI infrastructure is becoming a cost-amplification target as much as a data target. The attacker objective here is to hijack compute, not steal secrets, which changes how risk should be modelled. When GPU and CPU pools are valuable, malicious workload abuse becomes a material control issue for security, platform engineering, and cloud economics. Practitioners should expect more malware designed to monetise infrastructure rather than exfiltrate it.
Linux administration paths are now part of NHI governance whether teams label them that way or not. SSH credentials, service access, and runtime execution rights all behave like machine identity controls when they are used to reach production workloads. The discipline does not change just because the threat is malware instead of credential theft. Security teams should align workload access review, secret hygiene, and runtime defense as one control plane.
From our research:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
- That is why the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs remains the right place to reset lifecycle and access assumptions before runtime abuse becomes operational loss.
What this signals
Workload access is now part of identity governance, not just platform operations. When malware like Gafgyt enters through weak SSH and then pivots into fileless execution, the programme gap is usually upstream of detection. Teams should fold Linux admin paths, service access, and secret hygiene into the same governance model they use for other privileged machine identities.
Identity blast radius is the right concept for cloud AI environments. A single exposed credential can now translate into compute abuse, performance loss, and cost inflation rather than only data exposure. That broadens the business case for tighter lifecycle controls and for linking runtime telemetry back to identity ownership.
The practical signal to watch is whether access review and runtime response are connected. If a team can detect cryptomining but cannot trace which credential, shell path, or service account enabled it, the control stack is fragmented. Link this to the 52 NHI Breaches Report and the Top 10 NHI Issues to benchmark the failure mode against broader NHI exposure patterns.
For practitioners
- Harden SSH as a workload identity control: Inventory every exposed Linux host and remove password-based SSH where possible. Require key-based access, restrict source IPs, and review any admin endpoint that can reach AI or high-CPU workloads.
- Separate runtime detection from exposure reduction: Keep container runtime protection in place to catch fileless execution, but pair it with exposure scanning so that prevention starts before the shell is opened.
- Treat cryptomining as a governance signal: Alert on unexpected CPU and GPU consumption, suspicious process trees, and miner-style binaries in production. Feed those findings into cloud governance, not only SOC triage.
- Review privileged workload access paths: Map which service accounts, credentials, and remote shells can reach AI infrastructure, then remove any standing access that is not operationally required.
Key takeaways
- Gafgyt’s newer variant shows how weak SSH access can still open cloud native and AI workloads to low-complexity malware.
- The impact is operational and financial as much as technical, because cryptomining steals CPU and GPU capacity while degrading performance.
- Runtime defense is useful, but the control that changes the outcome is upstream access governance over exposed Linux and workload identities.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Weak SSH access behaves like exposed machine identity. |
| NIST CSF 2.0 | PR.AC-4 | The issue is uncontrolled privileged access to production compute. |
| NIST Zero Trust (SP 800-207) | SP 800-207 | Runtime trust depends on continuous verification of workload access. |
Apply zero trust to Linux admin and workload paths so access is validated before execution.
Key terms
- Workload Identity: A workload identity is the set of credentials or trust attributes a machine uses to authenticate and receive access. In practice, it can include SSH keys, tokens, certificates, or service accounts that authorize runtime actions on servers, containers, and cloud services.
- Fileless Execution: Fileless execution is malware or attacker activity that runs in memory or through native system utilities instead of writing an obvious malicious file to disk. It is harder to spot with static scanning and pushes defenders toward behavioural and runtime detection.
- Cryptomining Payload: A cryptomining payload is malicious software that uses enterprise compute to mine cryptocurrency for the attacker. The main harm is resource theft, degraded performance, and higher cloud cost, often with little immediate data exposure but substantial operational impact.
- Runtime Protection: Runtime protection is a control layer that observes live workload behaviour and can block suspicious actions as they happen. For cloud and container environments, it is most effective when paired with access governance, because it usually responds after an attacker has already gained a foothold.
This post draws on content published by Aqua Security: How to Set Up Runtime Defense Against Threats Like Gafgyt. Read the original.
Published by the NHIMG editorial team on 2025-10-09.