Graboid cryptomining worm leverages Docker Engine containers to spread

Researchers have found what they are calling the first cryptojacking worm to spread to and from compromised containers in the Docker Engine.


Named Graboid as an homage to the monster worm in the 1990 movie Tremors, the malware mines Monero cryptocurrency from infected machines and randomly spreads to other vulnerable hosts. Indeed, the malware contains a list of over 2,000 IPs belonging to hosts with unsecured Docker API endpoints that are openly exposed to the internet, and thus susceptible to infection. More than half of the IPs, 57.4 percent, are based in China; the U.S. has the next highest share, at 13 percent.


Graboid mines coins in 250-second spurts, and is active 63 percent of the time, according to Palo Alto Networks’ Unit 42 threat intelligence team, which unearthed the malware and detailed it today in a blog post authored by Senior Cloud Vulnerability and Exploit Researcher Jay Chen.


According to Unit 42, the attackers behind the worm were able to establish an initial foothold into their hosts by installing malicious images on unsecured Docker daemons. “Because most traditional endpoint protect ..
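The foothold described above depends on Docker daemons whose Engine API is reachable over the network without TLS client authentication. The following is an added defensive check, not code from the article or from Unit 42: it reads the `hosts`, `tls` and `tlsverify` settings from a `daemon.json` document or from a `dockerd` command line and grades each listener. The sample inputs are constructed, and the severity labels are this example's own convention.

```python
"""Grade Docker daemon listeners by how exposed the Engine API would be.

Added defensive check (not from the article or Unit 42). The inputs used in
__main__ and in the tests are constructed samples, not captured from a host.
"""
import json
import shlex
from urllib.parse import urlsplit

ALL_INTERFACES = {"", "0.0.0.0", "::"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
DEFAULT_SOCKET = "unix:///var/run/docker.sock"  # dockerd's default when no -H is given


def listeners_from_daemon_json(text):
    """Return (hosts, tls_enabled) from a /etc/docker/daemon.json document."""
    cfg = json.loads(text)
    hosts = cfg.get("hosts") or []
    tls = bool(cfg.get("tls") or cfg.get("tlsverify"))
    return hosts, tls


def listeners_from_cmdline(cmdline):
    """Return (hosts, tls_enabled) from a dockerd command line (ps output, systemd unit)."""
    tokens = shlex.split(cmdline)
    hosts, tls = [], False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-H", "--host") and i + 1 < len(tokens):
            hosts.append(tokens[i + 1])
            i += 1
        elif tok.startswith(("-H=", "--host=")):
            hosts.append(tok.split("=", 1)[1])
        elif tok in ("--tls", "--tlsverify", "--tls=true", "--tlsverify=true"):
            tls = True
        i += 1
    return hosts, tls


def assess(hosts, tls):
    """Return one (listener, severity, reason) tuple per listener.

    An empty host list is dockerd's default: the local unix socket only.
    A tcp listener on all interfaces with no TLS is what the worm relies on.
    """
    if not hosts:
        return [(DEFAULT_SOCKET, "ok", "default unix socket, no network listener")]
    findings = []
    for h in hosts:
        parts = urlsplit(h)
        if parts.scheme != "tcp":
            findings.append((h, "ok", "non-network listener (%s)" % (parts.scheme or "unknown")))
            continue
        host = parts.hostname or ""  # "tcp://:2375" has no hostname; treat as all interfaces
        if host in LOOPBACK:
            findings.append((h, "ok" if tls else "low", "loopback only"))
        elif host in ALL_INTERFACES:
            if tls:
                findings.append((h, "medium", "API on all interfaces; TLS on, confirm --tlsverify and firewalling"))
            else:
                findings.append((h, "critical", "unauthenticated Engine API on all interfaces"))
        else:
            findings.append((h, "medium" if tls else "high",
                             "API bound to a non-loopback address%s" % ("" if tls else " without TLS")))
    return findings


def worst(findings):
    """Highest severity among the findings."""
    order = ["ok", "low", "medium", "high", "critical"]
    return max((sev for _, sev, _ in findings), key=order.index)


if __name__ == "__main__":
    # Constructed samples: an exposed daemon.json and a TLS-protected command line.
    sample_json = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
    sample_cmd = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem"
    for label, (hosts, tls) in (("daemon.json", listeners_from_daemon_json(sample_json)),
                                ("cmdline", listeners_from_cmdline(sample_cmd))):
        for listener, sev, reason in assess(hosts, tls):
            print("%-11s %-35s %-8s %s" % (label, listener, sev, reason))
```

Run it against the real `daemon.json` and the `dockerd` line from `ps -o args` on each host; any `critical` or `high` result is a daemon that should be bound back to the unix socket or put behind TLS client verification and a firewall before anything else is investigated.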
