Through data analysis of the container honeypots we've set up to monitor threats, we've uncovered notable activity in which undesired or unauthorized cryptocurrency miners are deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement on other exposed containers and applications.
The activities we uncovered are also significant in that they don't need to exploit vulnerabilities and don't depend on any version of Docker. Identifying a misconfigured and thus exposed container image is all it could take for attackers to infect many exposed hosts.