
Dero miner zombies biting through Docker APIs to build a cryptojacking horde

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new Dero mining campaign exploits insecurely published Docker APIs to spread through containerized Linux environments. The attack uses two Golang malware implants: 'nginx' for propagation and 'cloud' for cryptocurrency mining. The 'nginx' malware scans for vulnerable Docker APIs, creates malicious containers, and compromises existing ones. It maintains persistence and spreads without needing a command-and-control server. The 'cloud' miner is based on the open-source DeroHE CLI project, with hardcoded wallet and node addresses. This campaign differs from previous attacks on Kubernetes clusters in that it actively spreads and compromises more networks. The threat highlights the importance of securing containerized infrastructure and monitoring it for malicious activity.
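The propagation vector described above is a Docker Engine API reachable over TCP without client authentication. As an added defender-side example (not part of the original report or of any tooling it mentions), the script below audits a host's dockerd configuration for such a listener. It reads the same two places Docker takes its listen addresses from, the `hosts` / `tlsverify` keys of `daemon.json` and the `-H` / `--host` flags on the systemd `ExecStart` line, and flags any `tcp://` listener that is not protected by `--tlsverify`. The configuration snippets are constructed sample inputs; the function and finding wording are this example's own.

```python
"""Audit a dockerd configuration for an unauthenticated TCP-exposed Engine API.

Added example: inputs are constructed; run it against the real /etc/docker/daemon.json
and the dockerd ExecStart line from `systemctl cat docker` on a host you administer.
"""
import json
import shlex
from urllib.parse import urlsplit

# Binds on these addresses are reachable from the local host only.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_hosts_from_execstart(execstart: str) -> list[str]:
    """Collect every -H / --host value from a dockerd command line."""
    args = shlex.split(execstart)
    hosts = []
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host"):
            if i + 1 < len(args):
                hosts.append(args[i + 1])
            i += 2
            continue
        if arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:   # -Htcp://... form
            hosts.append(arg[2:])
        i += 1
    return hosts


def audit_docker_api(daemon_json_text: str, execstart: str) -> dict:
    """Return the tcp:// listeners, whether mutual TLS is enforced, and findings.

    Note: dockerd refuses to start if `hosts` is set both in daemon.json and via -H,
    so in practice only one of the two sources will carry the listener list.
    """
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    flags = shlex.split(execstart)
    hosts = list(cfg.get("hosts", [])) + parse_hosts_from_execstart(execstart)
    tls_verify = bool(cfg.get("tlsverify")) or any(
        f in ("--tlsverify", "--tlsverify=true") for f in flags
    )

    findings, tcp_listeners, exposed = [], [], False
    for h in hosts:
        parts = urlsplit(h)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local and permission-controlled
        tcp_listeners.append(h)
        bind = parts.hostname or ""  # "" / 0.0.0.0 / :: all mean every interface
        if tls_verify:
            findings.append(f"info: {h} requires client certificates (tlsverify)")
        elif bind in LOOPBACK:
            findings.append(f"medium: {h} is unauthenticated but bound to loopback only")
        else:
            exposed = True
            findings.append(f"critical: {h} exposes the Docker Engine API without authentication")
    if not tcp_listeners:
        findings.append("info: no tcp:// listener configured")
    return {
        "tcp_listeners": tcp_listeners,
        "tls_verify": tls_verify,
        "exposed": exposed,
        "findings": findings,
    }


# Constructed sample configurations (not taken from any real host).
INSECURE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
INSECURE_EXECSTART = "/usr/bin/dockerd --containerd=/run/containerd/containerd.sock"

HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
HARDENED_EXECSTART = "/usr/bin/dockerd"

LOOPBACK_EXECSTART = "/usr/bin/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"

if __name__ == "__main__":
    for label, dj, ex in (
        ("insecure", INSECURE_DAEMON_JSON, INSECURE_EXECSTART),
        ("hardened", HARDENED_DAEMON_JSON, HARDENED_EXECSTART),
        ("loopback", "", LOOPBACK_EXECSTART),
    ):
        result = audit_docker_api(dj, ex)
        print(f"[{label}] exposed={result['exposed']}")
        for line in result["findings"]:
            print("   ", line)
```

The `critical` finding is the configuration this campaign scans for: a wildcard-bound `tcp://` listener with no `tlsverify`, which lets any network peer create containers, mount the host filesystem, or run commands in existing containers, exactly the foothold the 'nginx' implant uses. The remediation is either to drop the TCP listener entirely (the unix socket plus SSH is enough for remote administration) or to keep it only with `tlsverify` and a CA-issued client certificate, as in the hardened sample.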

OPENCTI LABELS:

cloud, linux, exploitation, docker, cryptocurrency mining, nginx, containerized environments, golang malware, dero

