December 9, 2023

Google announced the general availability of VMTD (Virtual Machine Threat Detection), a service that can detect if hackers attempt to use a company’s cloud environment to mine cryptocurrency. 

VMTD can detect if a Google Cloud customer’s cloud environment contains malware that hijacks infrastructure resources to mine cryptocurrency. Moreover, the service provides technical data about the malware to help administrators block it.


The service was first released in public preview earlier this year and has since been adopted by customers around the world and in every industry.

VMTD can detect malware without requiring any additional software installation in their cloud instances. It’s built directly into the hypervisor that powers Google Cloud’s data center infrastructure. Through the hypervisor, the service analyzes data about cloud instances to find crypto mining malware. 

VMTD doesn’t rely on software agents to detect malicious activity, and can be deployed with a few clickswhich means that it can’t be disabled during a cyberattack. This is seen as an added advantage.

Since VMTD made its initial debut in February, Google has made enhancements that enable the service to scan cloud instances for malware more frequently. The service runs scans every 30 minutes and summarizes its findings at the end of each day. 

Google has upgraded the service to scan the most important parts of cloud instances’ memory more often. Moreover, VMTD can now not only detect the presence of malware but also point out the specific software process that is mining cryptocurrency. 


Google plans to extend VMTD to additional cybersecurity use cases with the ability to detect rootkits and bootkits, malicious programs that are often difficult to spot using traditional cybersecurity tools. The fact that VMTD is integrated into its hypervisor enables the service to more effectively detect such programs. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.