Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware
released on 2019-03-06 @ 02:09:48 PM
Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activities of undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement on other exposed containers and applications.