A new malware campaign targets exposed Docker API instances, using them to build a botnet that mines the Dero cryptocurrency. The malware spreads in a worm-like fashion to other Docker containers, creating new malicious containers and compromising existing ones. Written in Golang, it uses payloads named 'nginx' and 'cloud' to masquerade as legitimate software, and it ensures persistence by modifying the system's startup settings. The attack highlights the need for secure Docker API configurations to prevent such compromises.
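One way to check a host for the exposure described above, as an added example that is not part of the original page: the function audits a dockerd `daemon.json` for TCP API listeners that accept callers without client-certificate verification. The function name, severity labels and sample configurations are assumptions made for illustration, and listeners passed on the dockerd command line with `-H` are outside what it sees.

```python
import json

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_daemon_config(text):
    """Return (severity, listener) pairs for TCP API listeners that
    accept clients without certificate verification."""
    cfg = json.loads(text)
    # "tlsverify" makes dockerd require a client certificate signed by its CA.
    # "tls" alone encrypts the channel but does not authenticate the caller.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not network-reachable
        if client_auth:
            continue
        # Strip the port and any IPv6 brackets to get the bind address.
        bind = host[len("tcp://"):].rsplit(":", 1)[0].strip("[]")
        severity = "LOW" if bind in LOOPBACK else "HIGH"
        findings.append((severity, host))
    return findings

# Constructed sample configurations (hypothetical, not taken from the page).
EXPOSED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
ENCRYPTED_ONLY = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tls": True,  # encryption without client authentication
})
LOCAL_ONLY = json.dumps({"hosts": ["tcp://[::1]:2375"]})
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("tls-only", ENCRYPTED_ONLY),
                         ("local", LOCAL_ONLY), ("hardened", HARDENED)]:
        print(name, audit_daemon_config(sample))
```

A `HIGH` finding means anyone who can reach that address can drive the Docker API, which is the entry point this campaign relies on.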