Cryptojacking worm compromised over 2,000 Docker hosts - Help Net Security

Cryptojacking worm compromised over 2,000 Docker hosts - Help Net Security

Security researchers have discovered a cryptojacking worm that propagates using containers in the Docker Engine (Community Edition) and has spread to more than 2,000 vulnerable Docker hosts.



“The attacker compromised an unsecured Docker daemon, ran the malicious Docker container pulled from Docker Hub, downloaded a few scripts and a list of vulnerable hosts from C2 and repeatedly picked the next target to spread the worm,” Palo Alto Networks’s Unit 42 researchers explained.


A worm named Graboid


Dubbed Graboid by the researchers, the worm carries out cryptojacking inside containers, spreads a few host at a t ..