Security News > 2023 > January > Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.
Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.
Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a "Large amount of clusters" infected in this manner.
"In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat," Bruskin explained.
"Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources," Bruskin said.
Attackers can gain access to the cluster by taking advantage of known vulnerabilities in images."
News URL
https://thehackernews.com/2023/01/kinsing-cryptojacking-hits-kubernetes.html
Related news
- Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)