Kinsing Linux Malware Deploys Crypto-Miner in Container Environments

A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments.
As part of the attack, hackers abuse misconfigured Docker API ports to run an Ubuntu container hosting Kinsing.
The Kinsing malware in the container executes a cryptocurrency miner and then attempts to spread further, targeting both containers and hosts.
A shell script used in the attack was designed to disable security measures and clear logs, and to remove rival malware and crypto-miners by killing their applications, deleting associated files, terminating any running rival malicious Docker containers, and deleting their images.
The script downloads the Kinsing malware and runs it, achieves persistence via the crontab, and looks for other commands scheduled in cron in order to delete them.
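A defender-side check for the misconfiguration this campaign relies on, added here as an example and not taken from the original report: it flags Docker daemon TCP API listeners that are configured without TLS client verification, reading both `daemon.json` and a `dockerd` command line. The sample configurations are constructed, and the severity labels are this example's own assumption.

```python
import json
import shlex

def collect_settings(daemon_json_text="", dockerd_cmdline=""):
    """Merge listener and TLS settings from daemon.json text and a dockerd command line."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify

def audit_daemon(daemon_json_text="", dockerd_cmdline=""):
    """Return (severity, listener, reason) for each TCP listener lacking client-cert checks."""
    hosts, tlsverify = collect_settings(daemon_json_text, dockerd_cmdline)
    findings = []
    for host in hosts:
        # Unix sockets are out of scope here; tlsverify requires a client certificate.
        if not host.startswith("tcp://") or tlsverify:
            continue
        addr = host[len("tcp://"):]
        loopback = addr.startswith(("127.", "localhost", "[::1]"))
        # Severity is this example's judgement: loopback still exposes the API locally.
        severity = "medium" if loopback else "critical"
        findings.append((severity, host, "TCP API listener without tlsverify"))
    return findings

# Constructed sample inputs: (daemon.json text, dockerd command line)
SAMPLES = {
    "open-2375": ('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}', ""),
    "tls-2376": ('{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}', ""),
    "loopback-flag": ("", "dockerd -H unix:///var/run/docker.sock -H tcp://127.0.0.1:2375"),
}

if __name__ == "__main__":
    for name, (cfg, cmd) in SAMPLES.items():
        print(name, audit_daemon(cfg, cmd) or "ok")
```
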
Related news
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- Watch out for any Linux malware sneakily evading syscall-watching antivirus (source)