Over the past few months, a malware campaign has been scanning the Internet for Docker servers running API ports exposed without a password.
Then, the hackers are breaking into the unprotected hosts and installing a new crypto-mining software called Kinsing, according to researchers at Aqua Security.
After the hackers find a Docker instance with an exposed API port, they use the access to spin up an Ubuntu container, and download and install the Kinsing malware.
In addition to mining cryptocurrency on the hacked Docker instance, the malware runs scripts that remove other malware that may be running locally.
It also gathers local SSH credentials in an effort to spread to a company's container network, in order to infect other cloud systems with the same malware.
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA