Why did I receive a Amazon GuardDuty CryptoCurrency finding type for my Amazon EC2 instance?
Last updated: 2020-03-24
Amazon GuardDuty detected a CryptoCurrency finding with my Amazon Elastic Compute (Amazon EC2) instance.
The GuardDuty CryptoCurrency:EC2 finding type indicates that an Amazon EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity such as Bitcoin mining. If this behavior isn't expected, your Amazon EC2 instance might be compromised.
For additional information, see CryptoCurrency Finding Types.
Follow the instructions for remediating a compromised EC2 instance.
For additional information, see How Amazon GuardDuty Uses Its Data Sources.