Why did I receive a Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?

Last updated: 2020-03-24

Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute (Amazon EC2) instance.

Short Description

The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If this behavior isn't expected, your Amazon EC2 instance might be compromised.

For additional information, see CryptoCurrency Finding Types.

Resolution

Follow the instructions for remediating a compromised EC2 instance.

For additional information, see How Amazon GuardDuty Uses Its Data Sources.