Hackers are now scanning IP networks to attack Docker platforms with Monero mining malware

A group of hackers is reportedly scanning the internet for IP networks with exposed Docker platforms that can be used to mine crypto.

Hackers using Docker platform to deploy Monero mining gear

The hackers are looking for Docker platforms with exposed API endpoints, which can be used to target those platforms and use them for mining crypto assets. They use these platforms to deploy mining malware that earns revenue by mining Monero coins. The issue was first detected by cybersecurity company Bad Packets.

The chief research officer at Bad Packets, Troy Mursch, stated that exploiting Docker platforms was not new to the industry. He noted that exposed Docker endpoints were targeted quite often. He also revealed that in March 2018 there were 400 reported Docker platforms with Monero mining malware.

Mursch revealed that once the attackers found an exposed Docker platform on the internet, they used the API endpoint to start mining. A command run on the system downloads a Bash script from the hackers. The script then installs mining software, a "classic XMRig cryptocurrency miner."

The hackers have now mined nearly 15 Monero coins, which are worth over 800 dollars at the current trading price.

Docker is a development tool that assists in operating software. It simplifies the complex processes involved in creating and deploying software by using containers. A container packages all of an application's files and ships them as one unit.

Mursch advised users to verify whether their Docker platforms were exposing their API endpoints. He stated that if an endpoint was exposed, users should close the port and delete all unrecognised containers.
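One way to carry out both checks on your own host, as an added example that is not from Bad Packets or the original article: it reads the daemon configuration (assumed to be the contents of `/etc/docker/daemon.json` plus the `dockerd` command line) for TCP listeners reachable off-host without TLS client verification, then compares `docker ps -a --format '{{json .}}'` output against an allowlist of expected images. The function names, the allowlist and all sample data are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def off_host(host):
    """True when a bind address is reachable from other machines."""
    if not host:
        return True                  # tcp://:2375 binds every interface
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                  # unresolved hostname: assume exposed

def exposed_listeners(daemon_json, dockerd_args):
    """tcp:// API listeners reachable off-host without TLS client verification."""
    cfg = json.loads(daemon_json or "{}")
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))  # "tls" alone does not authenticate clients
    args = iter(dockerd_args)
    for arg in args:
        if arg in ("-H", "--host"):
            hosts.append(next(args, ""))
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg == "--tlsverify":
            tlsverify = True
    return [h for h in hosts if urlsplit(h).scheme == "tcp"
            and off_host(urlsplit(h).hostname) and not tlsverify]

def unrecognised_containers(ps_json_lines, allowed_images):
    """(ID, Image, Command) of containers whose image is not on the allowlist."""
    rows = [json.loads(l) for l in ps_json_lines.splitlines() if l.strip()]
    return [(r["ID"], r["Image"], r["Command"]) for r in rows
            if r["Image"] not in allowed_images]

# Constructed sample input, not taken from a real host.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_ARGS = ["/usr/bin/dockerd", "--containerd=/run/containerd/containerd.sock"]
SAMPLE_PS = """\
{"ID":"3f1c9a7b2d10","Image":"registry.example.internal/web:1.4","Command":"nginx","Names":"web"}
{"ID":"a41be0c55e92","Image":"unknown-image:latest","Command":"sh -c placeholder","Names":"c1"}
"""
ALLOWED = {"registry.example.internal/web:1.4"}

if __name__ == "__main__":
    print("exposed:", exposed_listeners(SAMPLE_DAEMON_JSON, SAMPLE_ARGS))
    print("unrecognised:", unrecognised_containers(SAMPLE_PS, ALLOWED))
```

A flagged listener still needs a firewall or bind-address change to close the port, and a flagged container should be inspected before removal, since its command line and image show what was deployed.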