Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A malicious actor has been observed targeting exposed Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker uses the gRPC protocol over h2c (cleartext HTTP/2) to evade security controls and run cryptomining operations on Docker hosts. The attack process involves checking Docker API availability, requesting an upgrade to gRPC over h2c, and then using gRPC methods to drive Docker functionality. The attacker downloads and deploys SRBMiner from GitHub and starts mining to their own cryptocurrency wallet and public IP address. This abuse of Docker's remote management API highlights the importance of proper configuration and access controls in containerized environments.
OPENCTI LABELS:
cryptomining,docker,container security,http/2,xrp,grpc,remote api,srbminer