Crypto-Mining Worm Targets AWS Credentials. Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services (AWS) credentials belonging to the organizations whose systems it has infected. The worm has compromised many Docker and Kubernetes systems, able to exfiltrates local credentials and scans the internet for misconfigured Docker platforms. Read more on Cado Security > TEAM TNT – THE FIRST CRYPTO-MINING WORM TO STEAL AWS CREDENTIALS