• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Crypto-Mining Botnet Goes After Misconfigured Docker APIs

You are here: Home / General Cyber Security News / Crypto-Mining Botnet Goes After Misconfigured Docker APIs
April 22, 2022

A notorious cryptocurrency mining botnet has begun focusing on misconfigured Docker APIs, according to CrowdStrike.

LemonDuck has been noticed exploiting ProxyLogon vulnerabilities in Microsoft Trade Server and employing EternalBlue and other exploits to mine cryptocurrency, escalate privileges and move laterally inside of compromised networks.

Now its notice has turned to a single of the world’s most preferred containerization platforms.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The botnet is concentrating on uncovered Docker APIs in purchase to gain preliminary obtain, CrowdStrike defined.

“It runs a destructive container on an exposed Docker API by using a customized Docker Entrypoint to down load a ‘core.png’ impression file that is disguised as Bash script,” it said in a site write-up yesterday.

Just before the payload – an “a.asp” file – is downloaded and mining can begin, it performs a number of steps, like killing the procedures, IOC file paths and C&C connections of competing crypto-mining groups.

The a.asp file also has the functionality to change off Alibaba’s cloud checking provider in buy to fly below the radar of network defenders.

LemonDuck tries to shift laterally by hunting for SSH keys on a filesystem, applying them to log into further servers and operate its malicious scripts.

The researchers also observed numerous strategies running from numerous of the C&C servers associated with LemonDuck, including types concentrating on Windows and Linux machines.

“Due to the cryptocurrency boom in modern several years, put together with cloud and container adoption in enterprises, cryptomining is confirmed to be a monetarily beautiful option for attackers,” CrowdStrike concluded.

“Since cloud and container ecosystems intensely use Linux, it drew the notice of the operators of botnets like LemonDuck, which began focusing on Docker for cryptomining on the Linux platform.”

The campaign highlights the want for directors to be certain their container environments are properly configured in accordance to industry most effective practices, and preferably with cloud workload security and detection and response instruments put in.


Some pieces of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «qnap advises users to update nas firmware to patch apache QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
Next Post: Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud watch out! cryptocurrency miners targeting dockers, aws and alibaba cloud»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • How To Comply With The Cyber Insurance MFA Checklistwww.silverfort.comMulti-Factor AuthenticationLearn how to comply with the checklist of resources requiring MFA coverage in cyber insurance policies.
  • Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support

Copyright © TheCyberSecurity.News, All Rights Reserved.