- Security researchers detect a new campaign targeting Docker instances
- The attack deploys a cloud-based cryptominer and a worm for wider propagation
- The miner generates the Dero currency
Hackers are building a botnet out of misconfigured Docker API instances and using it to mine the Dero cryptocurrency, experts have warned.
Kaspersky security researchers reported finding a “container zombie outbreak” that began with an exposed Docker API.
“This led to running containers being compromised and new ones being created, not only to hijack the victim’s resources for cryptocurrency mining, but also to launch external attacks to spread to other networks,” they explained.
In this zombie outbreak, “patient zero” is a misconfigured API that is left open to the Internet. There, the attackers deploy a piece of malware disguised as ‘NGINX’, the high-performance open-source web server and reverse proxy.
The malware scans for vulnerable instances and infects them, then creates new malicious containers and forces existing ones to mine. At the same time, it continues to spread to other systems.
This is a two-step process, Kaspersky explains. The fake NGINX is the propagation tool that scans for new victims, and the miner is a cloud-based solution. Both components are written in Golang, which makes them quite difficult to detect.
Kaspersky also says that, unlike traditional cryptojacking campaigns, this one does not depend on a command-and-control (C2) server but spreads autonomously, like a worm.
Users who run Docker should review their API settings and make sure they are not exposed to the Internet. In addition, they should strengthen their login credentials and perform regular security audits and monitoring.
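One way to carry out the API-settings review recommended above, as an added example that is not from Kaspersky or the original article: a Python function that classifies every listener in a dockerd `daemon.json`. The sample configurations are constructed, and the function names and verdict labels are hypothetical.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample configurations (not taken from any real host).
EXPOSED_SAMPLE = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_SAMPLE = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376", "tcp://127.0.0.1:2375"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"

def audit_docker_hosts(daemon_json):
    """Map each configured listener to 'local', 'tls-verified' or 'exposed'."""
    cfg = json.loads(daemon_json)
    tls_verify = cfg.get("tlsverify") is True
    verdicts = {}
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            verdicts[host] = "local"  # unix:// and fd:// are not network sockets
            continue
        # Assumption: an address with no host part is treated as non-local (conservative).
        addr = url.hostname or ""
        if is_loopback(addr):
            verdicts[host] = "local"
        elif tls_verify:
            verdicts[host] = "tls-verified"  # clients must present a CA-signed certificate
        else:
            verdicts[host] = "exposed"  # anyone who can reach the port controls Docker
    return verdicts

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit_docker_hosts(sample))
```

Listeners can also be set with `-H` on the `dockerd` command line (for example in a systemd unit), so a clean `daemon.json` alone does not prove the API is closed.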
While cybercriminals generally hijack servers to mine Monero with XMRig, this is not the first time that researchers have seen Dero. According to The Hacker News, CrowdStrike saw Kubernetes clusters attacked in March 2023, and Wiz saw a subsequent iteration of the same campaign in June 2024.
Similar to Monero, Dero is also a privacy-focused layer 1 blockchain, created to support decentralized applications (dApps) and smart contracts.
Via The Hacker News