Security News > 2020 > July > Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Late last month, malicious actors were found targeting exposed Docker API endpoints and crafted malware-infested images to facilitate DDoS attacks and mine cryptocurrencies.
Users and organizations who run Docker instances are advised not to expose docker APIs to the Internet, but if you still need to, ensure that it is reachable only from a trusted network or VPN, and only to trusted users to control your Docker daemon.
If you manage Docker from a web server to provision containers through an API, you should be even more careful than usual with parameter checking to ensure that a malicious user cannot pass crafted parameters causing Docker to create arbitrary containers.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Of2qe5V0Wgk/docker-linux-malware.html
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)