Hackers Hijack Docker Instances with Exposed API Endpoints

A hacking group launched a new cryptojacking campaign earlier this week. The hackers have scanned over 59,000 IP networks searching for Docker platforms that have API endpoints exposed online, the report says.

According to the 26 November report, the campaign is targeting vulnerable Docker instances. An exposed API endpoint lets the hackers send commands to the Docker instance and deploy crypto-mining malware on a company’s Docker instances. The malware mines Monero (XMR) for the hackers’ own profit.

American internet security firm Bad Packets LLC first found the campaign on November 25.

Troy Mursch, chief research officer and co-founder of Bad Packets LLC, thinks that exploit activity targeting Docker systems with exposed API endpoints happens quite often. Last year, cybersecurity company Imperva reported that 400 Docker servers, which were remotely accessible through an API weakness, contained Monero mining programs.

Mursch, who discovered the mass scanning issue, said that once the hackers manage to identify an exposed host, the attacker group uses the API endpoint to start an Alpine Linux OS container. Afterward, the command they send downloads and runs a Bash script from the hackers’ server. That script installs a classic XMRig crypto miner, Mursch says.

Hacking Group Mining 14.82 Moneros in Two Days

Mursch reports that hackers mined 14.82 XMR in the two days after the Docker-targeting campaign began, which is worth $835 at press time.

Docker is a tool that helps to create, deploy and run different applications easily by using containers. The containers allow a developer to package up an application with all of the needed parts, including libraries and other dependencies, and ship them as one package.

To avoid the recently detected vulnerability, Mursch says organizations and users who run Docker instances should immediately check if they are exposing their API endpoints on the internet, close the ports, and terminate unrecognized running containers.
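The two checks Mursch recommends can be scripted. The following is an added example, not code from Bad Packets or the report: it flags dockerd `hosts` entries that listen on TCP beyond loopback without `tlsverify`, and lists running containers whose image is not on an allowlist. The sample daemon.json contents, container list and allowlist are constructed; ports 2375 and 2376 are Docker's conventional plain and TLS API ports.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def exposed_listeners(daemon_cfg):
    """Return tcp:// entries from a daemon.json dict that are reachable
    off-host without client-certificate verification (tlsverify)."""
    findings = []
    for host in daemon_cfg.get("hosts", []):
        url = urlparse(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local only
        bind = url.hostname or "0.0.0.0"  # "tcp://:2375" binds every interface
        if bind not in LOOPBACK and not daemon_cfg.get("tlsverify"):
            findings.append(host)
    return findings

def image_repo(image):
    """Strip digest and tag: 'reg:5000/app:1.2' -> 'reg:5000/app'."""
    image = image.split("@")[0]
    head, _, last = image.rpartition("/")
    last = last.split(":")[0]
    return f"{head}/{last}" if head else last

def unrecognized_containers(ps_output, allowed_repos):
    """Parse `docker ps --format '{{json .}}'` output (one JSON object per
    line) and return (ID, Image) for images outside the allowlist."""
    rows = [json.loads(ln) for ln in ps_output.splitlines() if ln.strip()]
    return [(r["ID"], r["Image"]) for r in rows
            if image_repo(r["Image"]) not in allowed_repos]

# Constructed sample data (assumptions, not taken from the report).
WEAK_CFG = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
HARDENED_CFG = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
                "tlsverify": True, "tlscacert": "/etc/docker/ca.pem"}
SAMPLE_PS = "\n".join([
    '{"ID":"a1b2c3d4e5f6","Image":"nginx:1.25","Names":"web"}',
    '{"ID":"0f9e8d7c6b5a","Image":"alpine","Names":"vigilant_x"}',
])
ALLOWED = {"nginx", "registry.example.internal/app"}

if __name__ == "__main__":
    print("exposed:", exposed_listeners(WEAK_CFG))
    print("exposed (hardened):", exposed_listeners(HARDENED_CFG))
    print("review:", unrecognized_containers(SAMPLE_PS, ALLOWED))
```

Listeners can also be set with `-H` flags on the dockerd command line, so the daemon's service unit needs the same review as daemon.json.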

Due to money laundering concerns, BitBay, the major crypto exchange, announced that the platform will delist Monero. Other exchanges such as OKEx delisted a slew of privacy-oriented coins, including Monero. This occurred in September in order to remain compliant with the guidelines of the Financial Action Task Force.