Monero cryptominers hijack hundreds of unpatched Docker hosts

A recently disclosed vulnerability in the containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.

Security company Imperva used Shodan to search for open ports running Docker and found 3,822 on which the platform’s remote API was publicly exposed.

Of these, around 400 had accessible IP addresses on port 2735/2736, the API’s listening ports. The majority turned out to be running cryptominers, with legitimate MySQL and Apache production servers on a smaller number.

Docker’s API ports are used to configure containers and shouldn’t be accessible externally. Combined with CVE-2019-5736, a critical root access vulnerability in Docker’s default container runtime, runC, this exposure could quickly lead to a full compromise.
