Security News > 2022 > April > Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.

With compromised cloud instances becoming a hotbed for illicit cryptocurrency mining activities, the findings underscore the need to secure containers from potential risks throughout the software supply chain.

The malware payloads, which are said to have been modified in response to previous public disclosures, are primarily designed to target Amazon Web Services while simultaneously focused on cryptocurrency mining, persistence, lateral movement, and disabling cloud security solutions.

In yet another instance of how threat actors quickly co-opt newly disclosed flaws into their attacks, the critical remote code execution bug in Spring Framework has been weaponized to deploy cryptocurrency miners.

The exploitation attempts make use of a custom web shell to deploy the cryptocurrency miners, but not before turning off the firewall and terminating other virtual currency miner processes.

"These cryptocurrency miners have the potential to affect a large number of users, especially since Spring is the most widely used framework for developing enterprise-level applications in Java," Trend Micro researchers Nitesh Surana and Ashish Verma said.

News URL

https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html