Novel Cryptojacking Campaign is Targeting Docker APIs Across the Internet

Cado Security researchers recently identified a sophisticated cryptojacking campaign that exploits Docker API endpoints exposed to the internet.
The first container, created with the Commando open-source tool, seems innocent, but it allows the criminals to escape the container and launch several payloads on the Docker host itself.
The payloads delivered are determined by the campaign's short-term targets, which include establishing persistence, backdooring the host, exfiltrating cloud service provider credentials, and activating cryptocurrency miners, according to the researchers.
This campaign's cryptocurrency miner is the famed XMRig, a popular cryptojacker that mines Monero, a privacy-oriented currency that is nearly impossible to track.
Cado Security's researchers added that Commando Cat temporarily stores stolen files in a separate folder, implying that this is done as an evasion tactic.
At press time, the researchers had no idea who the threat actors behind Commando Cat were, although they did detect resemblances in shell scripts and C2 IP addresses to another cryptojacking outfit dubbed TeamTNT. Cado does not believe TeamTNT is behind this particular effort and instead suspects a copycat organisation.
The researchers advised that users should upgrade their Docker instances and install necessary security measures to safeguard themselves from such attacks.
Last month, the same cybersecurity team uncovered a similar campaign that used insecure Docker hosts to install both XMRig and the 9Hits Viewer software.
9hits is an online traffic exchange platform that allows users to drive traffic to each other.
When a user installs 9hits, their device visits the websites of other members using a headless Chrome instance.
In exchange, the user earns credits, which may subsequently be used to attract traffic to their own websites.
Installing 9hits on compromised Docker instances generates more credits, which the attackers can then use to buy more traffic.
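As an added example (not from Cado's report or the original article), a defender-side audit for the condition both campaigns depend on: a Docker API listening on TCP without client-certificate verification. The function names and sample configurations are constructed for illustration; `hosts` and `tlsverify` are the standard daemon.json keys, and only the `-H`/`--host`/`--tlsverify` command-line forms shown are parsed.

```python
import json
import shlex

LOOPBACK = ("127.", "localhost", "[::1]")

def tcp_listeners(daemon_json, dockerd_cmdline=""):
    """Return (tcp:// listeners, tlsverify) from daemon.json text and dockerd args."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return [h for h in hosts if h.startswith("tcp://")], tlsverify

def audit(daemon_json, dockerd_cmdline=""):
    """Flag TCP API listeners that do not require a client certificate."""
    listeners, tlsverify = tcp_listeners(daemon_json, dockerd_cmdline)
    findings = []
    for host in listeners:
        if tlsverify:
            continue  # clients must present a certificate signed by the configured CA
        # "tls": true alone encrypts traffic but does not authenticate clients
        if host[len("tcp://"):].startswith(LOOPBACK):
            findings.append(("LOW", host, "loopback API, no client auth"))
        else:
            findings.append(("HIGH", host, "network-reachable API, no client auth"))
    return findings

# Constructed sample configurations (not taken from the report)
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = ('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"], '
            '"tlsverify": true, "tlscacert": "/etc/docker/ca.pem", '
            '"tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}')
LOCAL_CMD = "dockerd -H unix:///var/run/docker.sock -H tcp://127.0.0.1:2375"

if __name__ == "__main__":
    for name, cfg, cmd in [("exposed", EXPOSED, ""), ("hardened", HARDENED, ""),
                           ("local", "", LOCAL_CMD)]:
        print(name, audit(cfg, cmd) or "no findings")
```

A HIGH finding means anyone who can reach the port can create containers on the host; a clean result here says nothing about firewall rules or reverse proxies in front of the daemon, which need their own review.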


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 04 Feb 2024 15:43:05 +0000

