Home Illicit Bitcoin mining malware detected by researchers
Crypto News

Illicit Bitcoin mining malware detected by researchers

FX Street
Updated:
  • Researchers at Aqua Security have detected a campaign that targets thousands of Docker servers with a BTC miner.
  • The scope and ambition of the campaign reveal that the attackers have been using significant infrastructure and resources.

Cybersecurity researchers at Aqua Security have identified a campaign that targets thousands of Docker servers daily with a Bitcoin (BTC) miner. In a recent report published by them, the firm issued a warning regarding the attack, which has “been going on for months, with thousands of attempts taking place nearly on a daily basis.”

The warning reads:

These are the highest numbers we’ve seen in some time, far exceeding what we have witnessed to date.

The scope and ambition reveal that the fraudulent Bitcoin mining campaign is not just “an improvised endeavor” as the people behind it must be relying on major infrastructure and resources.

Aqua Security has spotted the malware as a Golang-based Linux agent, known as Kinsing. The malware propagates by exploiting misconfigurations in Docker API ports. It runs an Ubuntu container, which downloads Kinsing and then tries to spread the malware to further hosts and containers. According to the researchers, the campaign’s goal is to deploy a crypto miner on the compromised host. This was planned to achieve by first exploiting the open port and then carrying through with a series of evasion tactics.

The team at Aqua Security has been able to provide valuable, detailed insight into the aspects of the malware campaign. They claim it to be a “growing threat to cloud-native environments.” The researchers noted that the attackers have been stepping up their game to carry out sophisticated and ambitious attacks. To fight this, enterprise security teams need to build a robust strategy to mitigate new risks. 

Aqua recommends security teams to locate all cloud resources and classify them in a logical structure, review their authorization and authentication policies, and adjust basic security policies based on the principle of “least privilege.” Teams are also advised to investigate logs to identify user actions that register as anomalies and implement cloud security tools to strengthen their strategy.

FX Street

FX Street

FXStreet is the leading independent portal dedicated to the Foreign Exchange (Forex) market. It was launched in 2000 and the portal has always been proud of their unyielding commitment to provide objective and unbiased information, to enable their users to take better and more confident decisions.

WARNING: The content on this site should not be considered investment advice and we are not authorised to provide investment advice. Nothing on this website is an endorsement or recommendation of a particular trading strategy or investment decision.  The information on this website is general in nature, so you must consider the information in light of your objectives, financial situation and needs. Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence or obtain advice where necessary. Crypto promotions on this site do not comply with the UK Financial Promotions Regime and is not intended for UK consumers. This website is free for you to use but we may receive a commission from the companies we feature on this site.

© forexcrunch.com All Rights Reserved 2017 – 2024