Security News > 2020 > July > Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Late last month, malicious actors were found targeting exposed Docker API endpoints and crafted malware-infested images to facilitate DDoS attacks and mine cryptocurrencies.
Users and organizations who run Docker instances are advised not to expose docker APIs to the Internet, but if you still need to, ensure that it is reachable only from a trusted network or VPN, and only to trusted users to control your Docker daemon.
If you manage Docker from a web server to provision containers through an API, you should be even more careful than usual with parameter checking to ensure that a malicious user cannot pass crafted parameters causing Docker to create arbitrary containers.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Of2qe5V0Wgk/docker-linux-malware.html
Related news
- Ebury botnet malware infected 400,000 Linux servers since 2009 (source)
- Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years (source)
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs (source)
- Millions of Docker repos found pushing malware, phishing sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)
- Ebury botnet compromises 400,000+ Linux servers (source)
- Police seize over 100 malware loader servers, arrest four cybercriminals (source)
- Police seize over 100 malware loader servers, arrest four cybercriminals (source)
- Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (source)