Cryptomining Malware Campaign Target Docker Severs

Share post:

Operators of the Lemon_Duck botnet are targeting Docker APIs on Linux servers using a large-scale Monero crypto-mining campaign.

According to a Crowdstrike report, Lemon_Duck operators hide their wallets behind proxy pools. The hackers gain access to exposed Docker APIs and run a malicious container to fetch a Bash script disguised as a PNG image.

The Bash file created by the payload performs several functions including killing processes based on names of known mining pools; killing daemons like crond, sshd, and syslog; and deleting known indicators of compromise (IOC) file paths.

Others include killing network connections to C2s known to belong to competing cryptomining groups and disabling Alibaba Cloud’s monitoring service that protects instances from risky activities.

The Bash script after running the actions above download and run the cryptomining utility XMRig together with a configuration file that hides the actor’s wallets behind the proxy pools.

To keep the Docker threat in check, it is important to configure Docker API deployments security. organizations can do this by checking the platform’s best practices and security recommendations.

Also, organizations are advised to set resource consumption limitations on all containers, impose strict image authentication policies and enforce the principles of least privilege.

The Sources for this piece include an article in BleepingComputer.



Related articles

Okta’s login flaw exposes users to attack, says Mitiga

According to Mitiga, Okta's login system contains a simple error that could expose its users to future attacks. Users...

Congress committee chair to TikTok: ‘Your platform should be banned’

In response TikTok CEO says company is building a 'firewall' around American user data against fore

Beware of scammers using AI-generated voice clones, FTC warns

The Federal Trade Commission (FTC) issued a consumer alert warning people to be vigilant for calls using voice...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways