A new cryptojacking campaign has been discovered targeting vulnerable Docker and Kubernetes infrastructure.
Dubbed ‘Kiss-a-dog’ by CrowdStrike security researchers, the campaign has used a number of command-and-control (C2) servers to launch attacks aimed at mining cryptocurrency.
The threat actors have also used user mode and kernel mode rootkits to conceal the activity, backdoor compromised containers, move laterally in the network and gain persistence.

“CrowdStrike has previously uncovered strategies focusing on susceptible cloud infrastructure by cryptojacking botnets/groups like LemonDuck and Watchdog,” reads an advisory published by the team on Wednesday.
“Kiss-a-dog depends on instruments and tactics formerly linked with cryptojacking teams like TeamTNT, which focused on vulnerable Docker and Kubernetes infrastructure.”
According to the security experts, the crypto crash in mid-2022 caused several threat groups to reduce their activity targeting digital currencies in containerized environments. The trend would now be shifting upward alongside the value of cryptocurrencies.
“In September 2022, one of CrowdStrike’s honeypots spotted a variety of campaigns enumerating vulnerable container attack surfaces like Docker and Kubernetes,” the firm wrote.
“The Kiss-a-dog campaign takes advantage of a host mount to escape from the container. The system itself is not new and looks to be popular among the crypto miners as an endeavor to break out of containers,” CrowdStrike described.
“This is attributed to a lack of innovation by attackers and at the same time speaks to the huge and quick Docker attack surface area uncovered and available on the internet.”
The cybersecurity company has also explained that these campaigns by cryptojacking groups could last from days to months, depending on the success rate of the attacks.
“As cryptocurrency prices have dropped, these campaigns have been muffled in the past couple of months until numerous strategies were released in October to take advantage of a very low competitive atmosphere,” warned CrowdStrike.
“Cloud security practitioners need to be aware of such campaigns and make absolutely sure that their cloud infrastructure does not fall prey.”
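One way to check your own hosts for the host-mount exposure described above is to audit `docker inspect` output for privileged containers and bind mounts of sensitive host paths. This is an added example, not code from CrowdStrike's advisory; the list of sensitive paths is an assumption to adapt, and the sample input is constructed.

```python
import json

# Assumed list of host paths whose bind mount gives a container a route to the host.
SENSITIVE = ("/", "/etc", "/root", "/proc", "/var/run/docker.sock", "/run/docker.sock")

def is_sensitive(src):
    """True if src is the host root, or equals or lies under a sensitive path."""
    return any(src == p or (p != "/" and src.startswith(p + "/")) for p in SENSITIVE)

def risky_mounts(container):
    """Return (name, kind, detail) findings for one entry of `docker inspect` output."""
    findings = []
    name = container.get("Name", "?").lstrip("/")
    if container.get("HostConfig", {}).get("Privileged"):
        findings.append((name, "privileged", ""))
    for m in container.get("Mounts") or []:
        if m.get("Type") != "bind":
            continue  # named volumes and tmpfs do not expose host paths directly
        src = m.get("Source", "").rstrip("/") or "/"
        if is_sensitive(src):
            mode = "rw" if m.get("RW") else "ro"
            findings.append((name, "host-mount", f"{src} -> {m.get('Destination')} ({mode})"))
    return findings

def audit(inspect_json):
    """Audit the JSON array printed by `docker inspect <containers...>`."""
    out = []
    for c in json.loads(inspect_json):
        out.extend(risky_mounts(c))
    return out

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False}, "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
         "Destination": "/data", "RW": True},
        {"Type": "bind", "Source": "/srv/app/conf", "Destination": "/conf", "RW": False}]},
    {"Name": "/job1", "HostConfig": {"Privileged": False}, "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/agent", "HostConfig": {"Privileged": True}, "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.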
For more information about how to secure Kubernetes environments, you can read this recent analysis by James Brown, senior vice president of customer success at Lacework.
Some parts of this article are sourced from:
www.infosecurity-journal.com