In findings released by Cado researchers, they discovered a malware campaign, coined "Commando Cat," which is targeting exposed Docker API endpoints.

The cryptojacking campaign has only been active since the beginning of this year, but it is the second targeting Docker. The first one used the 9hits traffic exchange application, according to the researchers. However, these Docker attacks aren't necessarily uncommon, particularly in cloud environments.

“This campaign demonstrates the continued determination attackers have to exploit the service and achieve a variety of objectives,” the researchers said. “Commando Cat is a cryptojacking campaign leveraging Docker as an initial access vector and (ab)using the service to mount the host’s filesystem, before running a series of interdependent payloads directly on the host.”

Because of the level of redundancy and the amount of evasion, the campaign is sophisticated in how it conceals itself. Acting as a credential stealer, backdoor, and cryptocurrency miner all in one, it makes for a highly stealthy and malicious threat.
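
For defenders, the two conditions the researchers describe (a Docker API reachable over the network and a container that bind-mounts the host's filesystem) can both be audited from data Docker already provides. The following is an added example, not code from Cado or from the article: it checks `daemon.json` settings and `docker inspect` output, and the sample data, container names and the watch list of host paths are constructed assumptions.

```python
import json

# Assumed watch list: host paths whose bind mount hands a container the host.
SENSITIVE_SOURCES = ("/", "/etc", "/root", "/var/run/docker.sock")
LOOPBACK = ("tcp://127.0.0.1", "tcp://localhost")

# Constructed sample in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"Privileged": false},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
               "Destination": "/data", "RW": true}]},
  {"Name": "/unknown-job", "HostConfig": {"Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt/host",
               "RW": true}]}
]
""")

# Constructed daemon.json contents: a plain TCP listener on all interfaces.
SAMPLE_DAEMON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}


def exposed_listeners(daemon_cfg):
    """Return non-loopback TCP listeners not protected by client-cert TLS."""
    if daemon_cfg.get("tlsverify"):
        return []
    return [h for h in daemon_cfg.get("hosts", [])
            if h.startswith("tcp://") and not h.startswith(LOOPBACK)]


def risky_mounts(containers):
    """Return (container, source, destination, mode) for sensitive bind mounts."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue
            src = m.get("Source", "").rstrip("/") or "/"
            if src in SENSITIVE_SOURCES:
                mode = "rw" if m.get("RW") else "ro"
                findings.append((name, src, m.get("Destination"), mode))
    return findings


if __name__ == "__main__":
    print("exposed API listeners:", exposed_listeners(SAMPLE_DAEMON))
    print("host bind mounts:", risky_mounts(SAMPLE_INSPECT))
```

On a real host, feed `risky_mounts` the parsed output of `docker inspect` for all containers and `exposed_listeners` the parsed `/etc/docker/daemon.json`.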