Hackers Are Targeting Vulnerable Docker Remote API Servers to Mine Cryptocurrency-web3.0-php.cn

Home

web3.0

Hackers Are Targeting Vulnerable Docker Remote API Servers to Mine Cryptocurrency

Patricia Arquette

Oct 24, 2024 pm 09:43 PM

Docker API servers cryptomining malware

Hackers are targeting vulnerable Docker remote API servers, and using them to mine cryptocurrencies on the underlying hardware, experts have warned.

Hackers Are Targeting Vulnerable Docker Remote API Servers to Mine Cryptocurrency

Hackers are targeting vulnerable Docker remote API servers, and using them to mine cryptocurrencies on the underlying hardware, experts have warned.

Cybersecurity researchers from Trend Micro stated the crooks took an “unconventional approach” with this attack, noting, "The threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host."

"The attacker first checked the availability and version of the Docker API, then proceeds with requests for gRPC/h2c upgrades and gRPC methods to manipulate Docker functionalities."

Which tokens are they mining?

The experts explained that the crooks would first seek out public-facing Docker API hosts where HTTP/2 protocol can be upgraded. Then, they would send out a request to upgrade to the h2c protocol which, after conclusion, allows them to create a container. That container is ultimately used to mine cryptocurrencies for the attackers, via the SRBMiner payload, hosted on GitHub.

The researchers added the crooks used SRBMiner to mine the XRP token, native to the Ripple blockchain built by the company of the same name. However, XRP is a minted token that cannot be mined. We asked Trend Micro for clarification.

SRBMiner uses algorithms like RandomX, KawPow for mining. It can generate a number of different tokens for its operators, but not XRP. Among the available tokens are Monero, Ravencoin, Haven Protocol, Wownero, and Firo.

It’s safe to assume that the crooks were actually mining Monero, one of the most popular tokens among cybercriminals, given its advanced privacy and anonymity features. Monero is also commonly mined via the XMRig cryptojacker, and its ticker is XRM, quite close to XRP.

Trend Micro warned all users to secure their Docker remote API servers by implementing stronger access controls and authentication mechanisms, thus barring access to unauthenticated individuals. Furthermore, users are advised to monitor the servers for unusual activities, and implement best practices for container security.

Via The Hacker News

The above is the detailed content of Hackers Are Targeting Vulnerable Docker Remote API Servers to Mine Cryptocurrency. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

FloppyPepe (FPPE) Price Could Explode As Bitcoin (BTC) Price Rallies Towards $450,000May 09, 2025 am 11:54 AM

According to a leading finance CEO, the Bitcoin price could be set for a move to $450,000. This Bitcoin price projection comes after a resurgence of good performances, signaling that the bear market may end.

Pi Network Confirms May 14 Launch—Qubetics and OKB Surge as Best Cryptos to Join for Long Term in 2025May 09, 2025 am 11:52 AM

Explore why Qubetics, Pi Network, and OKB rank among the Best Cryptos to Join for Long Term. Get updated presale stats, features, and key real-world use cases.

Sun Life Financial Inc. (TSX: SLF) (NYSE: SLF) Declares a Dividend of $0.88 Per ShareMay 09, 2025 am 11:50 AM

TORONTO, May 8, 2025 /CNW/ - The Board of Directors (the "Board") of Sun Life Financial Inc. (the "Company") (TSX: SLF) (NYSE: SLF) today announced that a dividend of $0.88 per share on the common shares of the Company has been de

Sun Life Announces Intended Renewal of Normal Course Issuer BidMay 09, 2025 am 11:48 AM

May 7, 2025, the Company had purchased on the TSX, other Canadian stock exchanges and/or alternative Canadian trading platforms

The Bitcoin price has hit $100k for the first time since February, trading at $101.3k at press time.May 09, 2025 am 11:46 AM

BTC's strong correlation with the Global M2 money supply is playing out once again, with the largest cryptocurrency now poised for new all-time highs.

Coinbase (COIN) Q1 CY2025 Highlights: Revenue Falls Short of Expectations, but Sales Rose 24.2% YoY to $2.03BMay 09, 2025 am 11:44 AM

Blockchain infrastructure company Coinbase (NASDAQ: COIN) fell short of the market’s revenue expectations in Q1 CY2025, but sales rose 24.2% year

Ripple Labs and the SEC Have Officially Reached a Settlement AgreementMay 09, 2025 am 11:42 AM

Ripple Labs and the U.S. Securities and Exchange Commission (SEC) have officially reached a deal that, if approved by a judge, will bring their years-long legal battle to a close.