New Self-Spreading Malware Hijacks Docker Servers to Secretly Mine Cryptocurrency

 

A newly uncovered malware campaign is exploiting unsecured Docker environments across the globe, silently enrolling them into a decentralized cryptojacking network that mines the privacy-focused cryptocurrency, Dero.
Cybersecurity firm Kaspersky reports that the attack begins by targeting Docker APIs exposed on port 2375. Once a host is compromised, the attacker deploys malicious containers and infects existing ones, using system resources to mine Dero and to search for other vulnerable hosts, all without relying on a central command-and-control server.
For context, Docker is a platform that uses OS-level virtualization to run applications in lightweight units called containers.
The attackers utilize two implants developed in Golang: one dubbed “nginx,” mimicking the popular web server, and another called “cloud,” which is the actual mining software.
Once a system is breached, the “nginx” component continuously scans the internet for additional misconfigured Docker nodes, using tools like Masscan to identify targets and propagate infection through new containers.
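The entry point described above is a Docker API reachable over TCP without client authentication. The following is an added example, not code from the article or from Kaspersky: a small audit that reads a `daemon.json` body and a `dockerd` command line and reports TCP listeners that do not enforce `tlsverify`. The sample configurations are constructed for illustration.

```python
import json
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def collect_settings(daemon_json="", cmdline=""):
    """Merge listener and TLS settings from daemon.json text and a dockerd command line."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify

def audit(daemon_json="", cmdline=""):
    """Return (listener, exposure) for each TCP listener without client-certificate checks."""
    hosts, tlsverify = collect_settings(daemon_json, cmdline)
    findings = []
    for h in hosts:
        url = urlsplit(h)
        if url.scheme != "tcp" or tlsverify:
            continue  # unix/fd sockets, or TCP with mutual TLS, are out of scope here
        exposure = "loopback" if url.hostname in LOOPBACK else "network"
        findings.append((h, exposure))
    return findings

# Constructed sample inputs (not taken from any real host).
WEAK_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
WEAK_CMD = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"

if __name__ == "__main__":
    for label, kwargs in [("weak daemon.json", {"daemon_json": WEAK_JSON}),
                          ("hardened daemon.json", {"daemon_json": HARDENED_JSON}),
                          ("weak command line", {"cmdline": WEAK_CMD})]:
        print(label, "->", audit(**kwargs) or "no unauthenticated TCP listener")
```

A `network` finding is the condition the campaign relies on; a `loopback` finding is still an unauthenticated API for any local process.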
“The entire campaign behaves like a zombie container outbreak,” researchers noted. “One in

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
