New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Briefly

A new malware campaign targets misconfigured Docker API instances to build a botnet that mines the Dero cryptocurrency. The campaign, highlighted by Kaspersky, has worm-like capabilities that let it spread by exploiting exposed Docker APIs. Attackers first gain access through insecure configurations and then deploy a propagation malware named 'nginx' and a Dero miner. The malware not only mines cryptocurrency but also facilitates external attacks, extending its reach by scanning for additional vulnerable Docker instances to compromise.
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet.
The attack chain is realized through two components: a propagation malware 'nginx' that scans the internet for exposed Docker APIs, and the 'cloud' Dero cryptocurrency miner.
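
A defender-side check for the misconfiguration described above, added here as an example and not taken from Kaspersky or The Hacker News: it audits the contents of a Docker daemon.json for TCP API listeners that accept callers without a client certificate. The sample configurations and file paths in it are constructed.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_daemon_config(text):
    """Return (listener, severity, reason) for each risky TCP listener in a daemon.json document."""
    cfg = json.loads(text)
    # Only tlsverify makes dockerd require a client certificate signed by tlscacert.
    client_auth = bool(cfg.get("tlsverify"))
    # "tls" alone encrypts the channel but still lets any client issue API calls.
    encrypted = client_auth or bool(cfg.get("tls"))
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are local sockets, not network listeners
        if client_auth:
            continue  # mutual TLS is enforced on this listener
        # An empty host (tcp://:2375) binds every interface, so it is not local-only.
        local_only = (url.hostname or "") in LOOPBACK
        severity = "warning" if local_only else "critical"
        reason = ("TLS without client verification" if encrypted
                  else "plaintext, no authentication")
        findings.append((listener, severity, reason))
    return findings

# Constructed sample configurations (not taken from the article).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
LOOPBACK_ONLY = '{"hosts": ["tcp://127.0.0.1:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",          # constructed paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    samples = {"exposed": EXPOSED, "tls-only": TLS_ONLY,
               "loopback": LOOPBACK_ONLY, "hardened": HARDENED}
    for name, doc in samples.items():
        print(name, audit_daemon_config(doc) or "no risky TCP listener")
```

The check reads daemon.json only; listeners passed to dockerd on the command line (for example through a systemd unit) need the same review.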
Read at The Hacker News