Undetectable Linux Malware Targeting Docker Servers With Exposed APIs (Security News, July 2020)

Cybersecurity researchers today uncovered a Linux malware, undetected by antivirus engines at the time of the report, that uses undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted on popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign is scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with the new malware.
Late last month, malicious actors were found targeting exposed Docker API endpoints and crafted malware-infested images to facilitate DDoS attacks and mine cryptocurrencies.
Users and organizations who run Docker instances are advised not to expose the Docker API to the Internet at all. If you still need remote access, make the daemon reachable only from a trusted network or VPN, require TLS client-certificate authentication, and grant access only to trusted users: anyone who can talk to the Docker daemon can start a privileged container with the host filesystem mounted, which is equivalent to root on the host.
If you manage Docker from a web server that provisions containers through the API, you should be even more careful than usual with parameter checking. Build the container specification on the server side from an allowlist rather than passing caller-supplied fields through, so that a malicious user cannot submit crafted parameters (a privileged flag, a bind mount of the host filesystem, host networking) that cause Docker to create arbitrary containers.
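As an added illustration (not part of the original article and not Docker's own tooling), the following Python audits a daemon.json for exactly the exposure the advice above warns against: a tcp:// listener configured without tlsverify, or bound to every interface. Both configurations are constructed for the example; the certificate paths and the 10.0.0.5 management address are assumptions.

```python
import json
from urllib.parse import urlsplit

# Two constructed daemon.json documents for this example (not from any real host).
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert":   "/etc/docker/server-cert.pem",
  "tlskey":    "/etc/docker/server-key.pem"
}"""

# Bind addresses that listen on every interface, the public one included.
# urlsplit() reports an empty host (e.g. "tcp://:2375") as None.
WILDCARD_BINDS = {None, "0.0.0.0", "::"}


def audit_daemon_config(text: str) -> list:
    """Return human-readable findings for a daemon.json document.

    Only tcp:// listeners matter: unix:// and fd:// sockets are reachable
    solely through local file permissions.  A tcp:// listener without
    tlsverify hands full control of the daemon, and therefore root on the
    host, to anyone who can open a connection to it.
    """
    cfg = json.loads(text)
    findings = []
    # dockerd listens on the Unix socket only when "hosts" is absent.
    for host in cfg.get("hosts", ["unix:///var/run/docker.sock"]):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue
        if cfg.get("tlsverify") is not True:
            findings.append(f"{host}: no tlsverify, unauthenticated remote control of the daemon")
        else:
            # tlsverify is only meaningful with a CA to verify clients against.
            for key in ("tlscacert", "tlscert", "tlskey"):
                if key not in cfg:
                    findings.append(f"{host}: tlsverify set but {key} is missing")
        if parts.hostname in WILDCARD_BINDS:
            findings.append(f"{host}: wildcard bind, restrict to a VPN or management-interface address")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(doc) or "no findings")
```

Even the hardened configuration still relies on the cloud security group or host firewall to keep port 2376 off the public Internet; the audit flags the daemon's own settings, not the network path in front of it.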
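As an added example of the parameter checking described above (written for this page, not code from the original article or from any project), the Python below is the request-handling layer of a hypothetical web front end that provisions containers. The caller may supply only an image name from an allowlist, a short command, and well-formed environment variables; the Docker Engine API HostConfig is fixed by the server and never taken from the request. A second function audits any /containers/create body for the settings that hand over the host, which is what crafted parameters in this kind of campaign aim for. The image names and limits are assumptions.

```python
import re

# Constructed allowlist for this example: hypothetical internal images the
# front end is permitted to launch.  Pinning by digest would be stronger still.
IMAGE_ALLOWLIST = {
    "registry.example.internal/jobs/renderer:1.4",
    "registry.example.internal/jobs/thumbnailer:2.0",
}
USER_FIELDS = {"image", "cmd", "env"}      # the only keys a caller may send
ENV_NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]{0,63}$")
MAX_CMD_ARGS = 16


class BadRequest(ValueError):
    """Raised for any request the front end refuses to turn into a container."""


def build_create_body(user_req: dict) -> dict:
    """Turn a caller's request into a Docker Engine API /containers/create body.

    Deny by default: unknown fields, non-allowlisted images and malformed
    shapes are rejected, and HostConfig is never derived from caller input.
    """
    unknown = set(user_req) - USER_FIELDS
    if unknown:
        raise BadRequest(f"unexpected fields: {sorted(unknown)}")
    image = user_req.get("image")
    if image not in IMAGE_ALLOWLIST:
        raise BadRequest("image not allowlisted")
    cmd = user_req.get("cmd", [])
    if (not isinstance(cmd, list) or len(cmd) > MAX_CMD_ARGS
            or not all(isinstance(a, str) and "\x00" not in a for a in cmd)):
        raise BadRequest("cmd must be a short list of strings")
    env = user_req.get("env", {})
    if not isinstance(env, dict) or not all(
            isinstance(k, str) and ENV_NAME_RE.match(k) and isinstance(v, str)
            for k, v in env.items()):
        raise BadRequest("env must map UPPER_CASE names to strings")
    return {
        "Image": image,
        "Cmd": cmd,
        "Env": [f"{k}={v}" for k, v in sorted(env.items())],
        "User": "65534:65534",                  # never root inside the container
        "HostConfig": {                         # fixed by the server, not the caller
            "Privileged": False,
            "CapDrop": ["ALL"],
            "SecurityOpt": ["no-new-privileges"],
            "ReadonlyRootfs": True,
            "NetworkMode": "none",              # a miner or DDoS bot needs egress
            "PidsLimit": 256,
            "Memory": 512 * 1024 * 1024,
            "NanoCpus": 1_000_000_000,          # one CPU
        },
    }


def reject_reason(user_req: dict):
    """Return the rejection message for a request, or None if it is acceptable."""
    try:
        build_create_body(user_req)
        return None
    except BadRequest as exc:
        return str(exc)


# HostConfig settings that give whoever controls the container the host itself.
# A last-line check on any body before it is POSTed to the daemon.
_ESCAPE_CHECKS = {
    "Privileged": lambda v: v is True,
    "Binds": bool,                    # e.g. ["/:/host"] mounts the host root
    "Mounts": bool,
    "CapAdd": bool,
    "Devices": bool,
    "NetworkMode": lambda v: v == "host",
    "PidMode": lambda v: v == "host",
    "IpcMode": lambda v: v == "host",
    "UsernsMode": lambda v: v == "host",
}


def host_escape_findings(body: dict) -> list:
    """Names of HostConfig fields in `body` that would let the container escape."""
    hc = body.get("HostConfig") or {}
    return [k for k, is_bad in _ESCAPE_CHECKS.items() if k in hc and is_bad(hc[k])]
```

The body returned by build_create_body is what the front end POSTs to the daemon (over the Unix socket or an mTLS channel); the user never sees or sets HostConfig, so there is no field for them to craft.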
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/Of2qe5V0Wgk/docker-linux-malware.html
Related news
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
- Police detains Smokeloader malware customers, seizes servers
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
- Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
- Watch out for any Linux malware sneakily evading syscall-watching antivirus
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Linux wiper malware hidden in malicious Go modules on GitHub