
On November 26th, business technology publication ZDNet reported that a group of hackers launched a new cryptojacking campaign. Starting on November 24th, vulnerable Docker instances were targeted with the goal of deploying cryptojacking software.

The hackers so far have scanned up to 59,000 IP networks to find Docker platforms with API endpoints exposed online. Machines with an opening get Monero (XMR) mining software dropped onto them.

The issue was first discovered by American internet security firm Bad Packets LLC on November 25th. Troy Mursch, Co-Founder and Chief Research Officer of Bad Packets LLC, reportedly found the campaign. He told ZDNet that once the attackers identify an exposed host, they use the API endpoint to start an Alpine Linux OS container to run a command that downloads and runs a Bash script from the attackers’ server. The script then installs a “classic XMRig cryptocurrency miner.”

“Users of the Bad Packets CTI API will note that exploit activity targeting exposed Docker instances is nothing new and happens quite often,” Mursch told ZDNet. In March 2018, cybersecurity firm Imperva reported that 400 Docker servers contained Monero mining programs. The Docker instances were remotely accessible through an API weakness.

The ZDNet report states that hackers mined 14.82 XMR in the two days the Docker-targeting campaign has been active, which is worth over $800 at press time. “What set this campaign apart was the large uptick of scanning activity. This uptick alone warranted further investigation to find out what this botnet was up to,” Mursch said.

This malware operation also comes with a self-defense measure. While looking through the script, Mursch observed that the hackers are not only disabling security products but also shutting down processes associated with rival cryptocurrency-mining botnets, such as DDG.

Docker is a developer tool intended to simplify the process of creating, deploying, and running software by using containers. Containers enable developers to package up an application with all of the necessary parts like libraries and other dependencies and deliver it as one package.

For now, Mursch suggests that users who run Docker immediately check if they are exposing their API endpoints on the internet. If so, close the ports and terminate unrecognized running containers.
