VERY IMPORTANT

SentinelLabs recently detected a cryptocurrency mining campaign affecting Docker Linux systems. The Docker software platform has witnessed huge growth among enterprises due to its ability to push out applications in small, resource-frugal containers. This, combined with the fact that many security solutions lack visibility into container images, makes them ideal targets for low-risk, finance-driven campaigns. The campaign seen by SentinelLabs doesn’t use notable exploit components but rather uses a few simple obfuscation methods. The miner calls a few bash scripts and then uses steganography to evade legacy AVs or casual inspection.