Why did I receive an Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?

Last updated: 2020-12-09

Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Short description

The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If you don't expect this behavior, it might be a result of unauthorized activity on your account.

For more information, see CryptoCurrency:EC2/BitcoinTool.B!DNS.

Resolution

Follow the instructions to identify and stop unauthorized activity for the EC2 instance.

For more information, see How Amazon GuardDuty uses its data sources.

Related information

Creating custom responses to GuardDuty findings with Amazon CloudWatch Events

How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts

Security solutions in AWS Marketplace

Did this article help?

Submit feedback

Do you need billing or technical support?

Contact AWS Support