Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Attack targets are unsafely published Docker APIs. A second malicious software ensures the spread of the miner over compromised containers.

Nginx is not just a web server. A Trojan misuses this name to infiltrate Docker containers unnoticed and automated. (Trojaner, Virus)

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

文章描述了一种通过暴露的 Docker API 传播的新型 Dero 挖矿攻击。恶意软件 nginx 和 cloud 自动化感染容器并创建新恶意容器以传播挖矿活动。该攻击无需 C2 服务器，通过扫描互联网寻找暴露的 Docker 端口 2375 实施入侵。

Dero miner spreads inside containerized Linux environments

Introduction Imagine a container zombie outbreak where a single infected container scans the internet for an exposed Docker API, and bites exploits it by creating new malicious containers and compromising the running ones, thus transforming them into new “zombies” that will mine for Dero currency and continue “biting” new victims. No command-and-control server is required for the delivery, just an exponentially growing number of victims that are…