Security News > 2020 > December > Misconfigured Docker Servers Under Attack by Xanthe Malware
Researchers first discovered Xanthe targeting a honeypot, which they created with the aim of discovering Docker threats.
Misconfigured Docker servers are another way that Xanthe spreads.
Researchers said that Docker installations can be easily misconfigured and the Docker daemon exposed to external networks with a minimal level of security.
Various past campaigns have been spotted taking advantage of such misconfigured Docker installations; for instance, in September, the TeamTNT cybercrime gang was spotted attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope.
In April, an organized, self-propagating cryptomining campaign was found targeting misconfigured open Docker Daemon API ports; and in October 2019, more than 2,000 unsecured Docker Engine hosts were found to be infected by a cyptojacking worm dubbed Graboid.
News URL
https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/
Related news
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)