- Security researchers spot a new campaign targeting Docker instances
- The attack deploys a cryptominer (named "cloud") and a worm for further spread
- The miner generates Dero
Hackers are building a botnet from poorly configured Docker API instances and using it to mine the Dero cryptocurrency, experts have warned.
Kaspersky security researchers said they had found a "container zombie outbreak" that starts with an exposed Docker API.
"This has led to both running containers and newly created ones being hijacked, not only to divert the victim's resources to cryptocurrency mining, but also to launch external attacks to spread to other networks," they explained.
Negotiations in progress?
In this zombie outbreak, "patient zero" is a poorly configured Docker API left open to the internet. There, the attackers deploy a piece of malware disguised as "nginx", the name of a high-performance open-source web server and reverse proxy.
The malware scans for vulnerable hosts and infects them, then creates new malicious containers and forces the existing ones to mine Dero. At the same time, it keeps spreading to other systems.
This is a two-stage process, Kaspersky explains: "nginx" is the propagation tool that scans for new victims, and the miner is a second binary named "cloud". Both components are written in Golang, which Kaspersky says makes them fairly difficult to detect.
Kaspersky also says that, unlike traditional cryptojacking campaigns, this one does not rely on a command-and-control (C2) server but spreads autonomously, like a worm. For defenders this removes the usual C2 beaconing signal; the observable behaviour is instead the outbound scanning for other exposed Docker APIs.
Anyone running Docker should check their daemon settings and make sure the API is not exposed to the internet (by default the daemon listens only on a local Unix socket; exposure comes from a tcp:// listener added by configuration, and without TLS client-certificate verification that listener is unauthenticated). In addition, they should harden their login credentials and perform regular security audits and monitoring.
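A concrete version of that check, as an added example that is not part of the article or of Kaspersky's report: a small Python audit that reads the two places a Docker API listener is normally configured, `/etc/docker/daemon.json` ("hosts") and the `ExecStart=` line of the dockerd systemd unit (`-H`/`--host` flags), and flags any tcp:// listener that is not loopback-only. A listener without `tlsverify` is reported as critical because it accepts commands from anyone who can reach the port; one with TLS client authentication is still reported as a warning, since it remains reachable and should be firewalled. All sample configurations and hostnames below are constructed for this example; the ports follow Docker's convention of 2375 for plaintext and 2376 for TLS.

```python
"""
Audit Docker daemon configuration for an API socket exposed to the network.

Two sources are checked:
  * daemon.json  -> "hosts": [...] plus the "tlsverify" flag
  * the systemd ExecStart= line -> -H / --host values plus --tlsverify
Every tcp:// listener that is not bound to loopback is a finding.
"""
import json
import shlex
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, detail)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def _listener_host(endpoint: str) -> str:
    """'0.0.0.0:2375' -> '0.0.0.0'; '[::]:2375' -> '::'; ':2375' -> '' (all interfaces)."""
    if endpoint.startswith("["):
        return endpoint[1:endpoint.index("]")]
    host, _, _ = endpoint.rpartition(":")
    return host


def check_hosts(hosts: List[str], tls_verify: bool, source: str) -> List[Finding]:
    """Flag every non-loopback tcp:// listener; unauthenticated ones are critical."""
    findings: List[Finding] = []
    for h in hosts:
        if not h.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local by construction
        endpoint = h[len("tcp://"):]
        if _listener_host(endpoint) in LOOPBACK:
            continue
        if tls_verify:
            findings.append(("WARNING", f"{source}: API reachable on tcp://{endpoint} "
                                        "with TLS client auth; restrict by firewall"))
        else:
            findings.append(("CRITICAL", f"{source}: unauthenticated API on tcp://{endpoint}"))
    return findings


def audit_daemon_json(text: str) -> List[Finding]:
    """Audit the contents of /etc/docker/daemon.json."""
    cfg = json.loads(text)
    return check_hosts(cfg.get("hosts", []), bool(cfg.get("tlsverify", False)), "daemon.json")


def audit_execstart(line: str) -> List[Finding]:
    """Audit the dockerd ExecStart= line of the systemd unit (or a drop-in override)."""
    cmd = line.split("=", 1)[1] if line.startswith("ExecStart=") else line
    argv = shlex.split(cmd)
    hosts: List[str] = []
    tls_verify = False
    i = 0
    while i < len(argv):
        a = argv[i]
        if a in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if a.startswith("--host="):
            hosts.append(a.split("=", 1)[1])
        elif a.startswith("-H") and len(a) > 2:   # -Htcp://... form
            hosts.append(a[2:])
        elif a in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        i += 1
    return check_hosts(hosts, tls_verify, "ExecStart")


def audit(daemon_json: str, execstart: str) -> List[Finding]:
    """Combine both sources into one list of findings."""
    return audit_daemon_json(daemon_json) + audit_execstart(execstart)


# Constructed samples for this example (not real hosts or files).
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
WEAK_EXECSTART = "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375"
LOCAL_ONLY_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock"]}'
DEFAULT_EXECSTART = "ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
REMOTE_TLS_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

if __name__ == "__main__":
    cases = {
        "weak (0.0.0.0:2375, no TLS)": (WEAK_DAEMON_JSON, DEFAULT_EXECSTART),
        "weak via ExecStart": (LOCAL_ONLY_DAEMON_JSON, WEAK_EXECSTART),
        "remote with TLS client auth": (REMOTE_TLS_DAEMON_JSON, DEFAULT_EXECSTART),
        "local socket only": (LOCAL_ONLY_DAEMON_JSON, DEFAULT_EXECSTART),
    }
    for name, (dj, ex) in cases.items():
        print(f"== {name}")
        for sev, detail in audit(dj, ex) or [("OK", "no network listener")]:
            print(f"   {sev}: {detail}")
```

Two practical notes. dockerd refuses to start when "hosts" is set both in daemon.json and as a `-H` flag, so on a real host only one of the two sources will carry the listener; the script still checks both because that is exactly where an attacker or a careless admin would add one. And the quickest external confirmation that a daemon is exposed is an unauthenticated `curl http://<host>:2375/version` from another machine: if it returns JSON, anyone on that network path can create containers on the host.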
While cybercriminals usually hijack servers to mine Monero with XMRig, this is not the first time researchers have spotted Dero being mined. According to The Hacker News, CrowdStrike saw Kubernetes clusters targeted in March 2023, and a subsequent iteration of the same campaign was spotted by Wiz in June 2024.
Like Monero, Dero is a privacy-focused layer 1 blockchain, designed to support decentralized applications (dApps) and smart contracts.
Via The Hacker News