Monero cryptominers hijack hundreds of unpatched Docker hosts
Cyber Security

Monero cryptominers hijack hundreds of unpatched Docker hosts

A recently-disclosed vulnerability in the containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on of servers.

Security company Imperva used Shodan to find open ports running Docker, finding 3,822 on which the platform’s remote API was publicly exposed.

Of these, around 400 had accessible IP addresses on port 2735/2736, the API’s listening ports.  The majority turned out to be running cryptominers, with legitimate MySQL and Apache production servers on a smaller number.

Used to configure containers, Docker’s API ports shouldn’t be accessible externally. Combined with CVE-2019-5736, a critical root access vulnerability in Docker’s default container runtime, runC, this will could quickly lead to a full compromise.

You might also like

A Bug Let Attackers Hijack Firefox on Android via Wi-Fi Network

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs

Nigerians face US charges over online fraud worth ‘hundreds of millions’

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More