• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Crypto-Mining Botnet Goes After Misconfigured Docker APIs

You are here: Home / General Cyber Security News / Crypto-Mining Botnet Goes After Misconfigured Docker APIs
April 22, 2022

A notorious cryptocurrency mining botnet has begun focusing on misconfigured Docker APIs, according to CrowdStrike.

LemonDuck has been noticed exploiting ProxyLogon vulnerabilities in Microsoft Trade Server and employing EternalBlue and other exploits to mine cryptocurrency, escalate privileges and move laterally inside of compromised networks.

Now its notice has turned to a single of the world’s most preferred containerization platforms.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The botnet is concentrating on uncovered Docker APIs in purchase to gain preliminary obtain, CrowdStrike defined.

“It runs a destructive container on an exposed Docker API by using a customized Docker Entrypoint to down load a ‘core.png’ impression file that is disguised as Bash script,” it said in a site write-up yesterday.

Just before the payload – an “a.asp” file – is downloaded and mining can begin, it performs a number of steps, like killing the procedures, IOC file paths and C&C connections of competing crypto-mining groups.

The a.asp file also has the functionality to change off Alibaba’s cloud checking provider in buy to fly below the radar of network defenders.

LemonDuck tries to shift laterally by hunting for SSH keys on a filesystem, applying them to log into further servers and operate its malicious scripts.

The researchers also observed numerous strategies running from numerous of the C&C servers associated with LemonDuck, including types concentrating on Windows and Linux machines.

“Due to the cryptocurrency boom in modern several years, put together with cloud and container adoption in enterprises, cryptomining is confirmed to be a monetarily beautiful option for attackers,” CrowdStrike concluded.

“Since cloud and container ecosystems intensely use Linux, it drew the notice of the operators of botnets like LemonDuck, which began focusing on Docker for cryptomining on the Linux platform.”

The campaign highlights the want for directors to be certain their container environments are properly configured in accordance to industry most effective practices, and preferably with cloud workload security and detection and response instruments put in.


Some pieces of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «qnap advises users to update nas firmware to patch apache QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Crypto-Mining Botnet Goes After Misconfigured Docker APIs
  • QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
  • Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
  • Bob’s Red Mill Reports Data Breach
  • FBI Seeks Info on BlackCat
  • North Korea Funding Nuclear Program with Cyber Activity
  • Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers
  • Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers
  • Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
  • Five Eyes nations warn against impending Russian cyber attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.