Hacking Group Scans Docker Platforms to Generate Funds

A hacking group launched a new cryptojacking campaign earlier this week. The hackers have scanned over 59,000 IP networks searching for Docker platforms that have API endpoints exposed online, the report says.

American internet security firm Bad Packets LLC first found the campaign on November 25.

According to the report, the campaign is targeting Docker instances that are vulnerable. The campaign lets the hackers send commands to the Docker platform and deploy crypto-malware on a company’s Docker instances. This generates funds for the hackers by mining Monero (XMR).

Hackers Hijack Docker Instances with Exposed API Endpoints

Troy Mursch, who discovered the mass scanning issue, said that once the hackers manage to identify an exposed host, the attacker group uses the API endpoint to start an Alpine Linux OS container. Afterward, the sent command downloads and runs a Bash script from the hackers’ server. That script installs a classic XMRig crypto miner, Mursch says.

Mursch, chief research officer and co-founder of Bad Packets LLC, thinks that exploit activity targeting Docker systems with exposed API endpoints happens quite often. Last year, cybersecurity company Imperva reported that 400 Docker servers, which were remotely accessible through an API weakness, contained Monero mining programs.

14.82 XMR Mined During the Docker-Targeting Campaign

Mursch says that hackers mined 14.82 XMR in the two days after the Docker-targeting campaign was activated, which is worth $835 at press time.

Docker is a tool that helps to create, deploy, and run different applications efficiently by using containers. The containers allow a developer to package up an application with all of the needed parts, including libraries and other dependencies, and ship them as one package.

To avoid the recently detected vulnerability, Mursch says organizations and users who run Docker instances should immediately check if they are exposing their API endpoints on the internet, close the ports, and terminate unrecognized running containers.
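One way to script the two checks Mursch recommends, as an added example that is not from Bad Packets or the original article: it flags Docker API listeners in a `daemon.json` that are bound off-loopback without client-certificate verification, and lists running containers whose image is not on an allowlist. The sample config, the `docker ps` output and the allowlist are constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def exposed_api_hosts(daemon_json):
    """Return tcp:// listeners from daemon.json that are bound off-loopback
    while the daemon does not require client certificates (tlsverify)."""
    cfg = json.loads(daemon_json)
    if cfg.get("tlsverify"):
        return []  # mutual TLS enforced: API is not open to anonymous callers
    findings = []
    for host in cfg.get("hosts", []):
        url = urlparse(host)
        # unix:// and fd:// listeners are local sockets, not network endpoints
        if url.scheme == "tcp" and url.hostname not in LOOPBACK:
            findings.append(host)
    return findings

def unrecognized_containers(ps_output, allowed_images):
    """Parse `docker ps --format '{{json .}}'` output (one JSON object per
    line) and return containers whose image is not on the allowlist."""
    flagged = []
    for line in ps_output.splitlines():
        if line.strip():
            c = json.loads(line)
            if c["Image"] not in allowed_images:
                flagged.append({"id": c["ID"], "image": c["Image"], "name": c["Names"]})
    return flagged

# Constructed sample inputs (not taken from the report).
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_PS = "\n".join([
    '{"ID": "a1b2c3d4e5f6", "Image": "nginx:1.25", "Names": "web"}',
    '{"ID": "0f9e8d7c6b5a", "Image": "alpine", "Names": "quirky_name"}',
])
ALLOWED_IMAGES = {"nginx:1.25"}  # hypothetical allowlist for this host

if __name__ == "__main__":
    for host in exposed_api_hosts(SAMPLE_DAEMON_JSON):
        print("API listener without client-cert auth:", host)
    for c in unrecognized_containers(SAMPLE_PS, ALLOWED_IMAGES):
        print("unrecognized container:", c)
```

Listeners can also be set with `-H` on the `dockerd` command line, which this sketch does not inspect, so the service unit should be reviewed as well.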

Due to money laundering concerns, BitBay, the major crypto exchange, announced that the platform would delist Monero. Other exchanges such as OKEx delisted a slew of privacy-oriented coins, including Monero. This occurred in September to remain compliant with the guidelines of the Financial Action Task Force.