Hackers Launched New Cryptojacking Campaign To Find Docker Platforms

News

November 28, 2019

News

Hackers Launched New Cryptojacking Campaign To Find Docker Platforms

November 28, 2019

A group of hackers has launched a new cryptojacking campaign on November 24, scanning as many as 59,000 IP networks to find Docker platforms that have API endpoints exposed online.

Hackers Mass-Scanning Web for Docker Platforms to Mine Cryptocurrencies https://t.co/2znBAxphwD

A new hacking campaign is targeting Docker platforms that have API endpoints exposed online to mine Monero
https://t.co/dUtxFPgeyq News pic.twitter.com/GHXrlZhpLp
— CryptoPost (@crypto_PST) November 27, 2019

On November 26, it has been reported by ZDNet, a business technology publication, that the campaign is targeting vulnerable Docker instances in order to deploy crypto-malware to generate funds for the hacking group by mining Monero (XMR).

It has been analyzed that the mass scanning issue was first discovered by Bad Packets LLC, the American internet security firm, on November 25.

Large uptick in Docker targeted scanning activity started around midnight UTC on 2019-11-24.

Payload script https://t.co/q047bRPUyj has zero detections on VirusTotal (https://t.co/AtCT4qp6qt) despite clear malicious activity.

Archived copy here: https://t.co/pwpVhn4MM9 pic.twitter.com/nDOfO2bKD5
— Bad Packets Report (@bad_packets) November 25, 2019

However, Troy Mursch, the Chief Research Officer and Co-founder of Bad Packets LLC, said that exploit activity targeting exposed Docker instances is not new and happens quite often.

ALSO READ : A Ransomware Attack Targets Government Systems Of Georgia’s Hall County

Docker is a developer tool designed to simplify processes of creating, deploying and running software by using containers. Containers allow developers to package up an application with all of the required parts like libraries and other dependencies and deliver it as one package.

In March 2018, Imperva, a cybersecurity company, reported that 400 Docker servers, which were remotely accessible through an API weakness, contained Monero mining programs.

Reportedly, a group of hackers is now scanning the internet to search for IP networks with exposed Docker platforms to mine crypto. Hackers using Docker pl…Read more: https://t.co/I19GctC9zr
— webnow (@webnowcompany) November 27, 2019

Likewise, Mursch, who reportedly discovered the campaign, told that once the hacking group manages to identify an exposed host, attackers deploy the API endpoint to start an Alpine Linux OS container to run a command that downloads and runs a Bash script from the attackers’ server. That script then reportedly installs a “classic XMRRig cryptocurrency miner.”

According to Mursch, hackers mined 14.82 XMR in the two days the Docker-targeting campaign has been active, which is worth $835 at press time.

ALSO READ : Bitcoin Transaction Moves From Huobi To OKEx Despite Crypto Withdrawals

So, in order to avoid the newly detected vulnerability, Mursch recommends that users who run Docker instances immediately check if they are exposing their API endpoints on the internet, close the ports, and terminate unrecognized running containers.

On November 25, BitBay, the major crypto exchange, announced that the platform will delist Monero due to money laundering concerns.

Thus, BitBay follows other exchanges like OKEx, who have delisted the cryptocurrency in order to remain compliant with guidelines set by the Financial Action Task Force.

Source: zdnet.com | blog.usejournal.com | cointelegraph.com

Disclaimer

Crypto News Point a news platform of Digital Notice Media Labs is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and does not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.

Affiliate Disclosure: To help support the work we do here at CNP, we often link to products and deals from around the web. Should you buy some of these, we may get a portion of the sale.

We in generally gather content from the major websites. In every article there is always a clear link and attribution to the source publication. If you have any issue with any of our published content taken from your site, kindly let us know so that we can take appropriate action. In any case, the content of the pages of this website is for your general information and use only. It is subject to change without notice.

INX Signs A Term Sheet For The Acquisition Of OpenFinance

INX has signed a term sheet for the acquisition of OpenFinance, which operates as a registered broker-dealer in compliance with the Financial Industry Regulatory Authority and the Securities Investor Protection...

Telos Launches A New Gig Economy Platform “TelosTask”

Telos, the EOS-based blockchain platform, is launching a new gig economy platform called TelosTask. It has been reported that the new peer-to-peer platform, which built on the Telos blockchain and created by the...

Ishita Bora

Ishita Bora is a Senior Content Creator at Digital Notice Media Labs with an experience of 1 year. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. Her interest lies in blockchain technology and cryptocurrency space, as she loves writing about blockchain and other blockchain-related articles. Currently, she is working on blockchain-based news, reviews, featured articles, and guides.

Disclaimer

You May Also like

INX Signs A Term Sheet For The Acquisition Of OpenFinance

Telos Launches A New Gig Economy Platform “TelosTask”

Ishita Bora

FOLLOW US

SIGN UP FOR OUR NEWSLETTER

Success!

Share This