#Cryptojacking

2025-05-21

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

A new Dero mining campaign exploits insecurely published Docker APIs to spread through containerized Linux environments. The attack uses two Golang malware implants: 'nginx' for propagation and 'cloud' for cryptocurrency mining. The 'nginx' malware scans for vulnerable Docker APIs, creates malicious containers, and compromises existing ones. It maintains persistence and spreads without a command-and-control server. The 'cloud' miner is based on the open-source DeroHE CLI project, with hardcoded wallet and node addresses. This campaign differs from previous attacks on Kubernetes clusters by actively spreading and compromising more networks. The threat highlights the importance of securing containerized infrastructures and monitoring for malicious activities.

Pulse ID: 682ddf774e05b30a8adbf3b4
Pulse Link: otx.alienvault.com/pulse/682dd
Pulse Author: AlienVault
Created: 2025-05-21 14:13:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CryptoJacking #CyberSecurity #Docker #Golang #InfoSec #Linux #Malware #Nginx #OTX #OpenThreatExchange #RCE #bot #cryptocurrency #AlienVault

nemo™ 🇺🇦 nemo@mas.to
2025-05-20

🚨 RedisRaider alert! 🚨 Researchers spot a Go-based malware targeting public #Redis servers on #Linux, deploying XMRig miners via config abuse. It scans IPv4, injects cron jobs, and spreads fast—plus anti-forensics tricks! Full story 👉 thehackernews.com/2025/05/go-b #Cybersecurity #Malware #Cryptojacking #newz

Kevin Karhan :verified: kkarhan@infosec.space
2025-05-03

@leberschnitzel sure. Take your time.

  • Usually the most effective solutions are further away from said webserver.

Especially since #JavaScript gets universally blocked by users of @torproject / #TorBrowser like myself simply because every single piece of #JS I came across was not "technically necessary" if not outright #malware designed to do #Cryptojacking, #BrowserFingerprinting and/or steal logins.

2025-04-03

Over 1,500 PostgreSQL servers hit by fileless cryptojacking campaign exploiting weak credentials. #Cybersecurity #PostgreSQL #Cryptojacking

More details: scworld.com/brief/ongoing-cryp - flagthis.com/news/12380

Kevin Karhan :verified: kkarhan@infosec.space
2025-03-25

@kubikpixel IMHO #JavaScript is only good for #Cryptojacking #Malware and has no right to exist!

2025-03-14

📬 Crypto theft via malware: cryptojacking campaign nets over 300,000 US dollars
#Cyberangriffe #Krypto #Malware #ClipboardHijacking #Cryptojacking #KryptoDiebstahl #MassJacker #Solana sc.tarnkappe.info/7c6ee7

2025-02-10

Via #LLRX @psuPete Recommends – Weekly highlights on cyber security issues 08 Feb 2025 Five highlights from this week: Federal workers: Here’s how to lock down your #communications; Why #rebooting your phone daily is your best defense against zero-click #hackers EFF – Basics | #Surveillance Self-Defense; Even the US government can fall victim to #cryptojacking and Federal #immigration officials have extensive technology at their disposal. #privacy #signal #cybercrime llrx.com/2025/02/pete-recommen

2025-02-09

#LLRX @bespacific #CyberSecurity

Pete Recommends – Weekly highlights on cyber security issues, February 8, 2025

Five highlights from this week: Federal workers: Here’s how to lock down your communications; Why rebooting your phone daily is your best defense against zero-click hackers; #EFF - Basics | #Surveillance Self-Defense; Even the US government can fall victim to #cryptojacking; and Federal immigration officials have extensive technology at their disposal.

Posted in: Communications, #Cryptocurrency, Cybercrime, Cybersecurity, Legal Research, #Privacy

llrx.com/2025/02/pete-recommen

Xavier «X» Santolaria :verified_paw: :donor: 0x58@infosec.exchange
2025-01-31
2025-01-23

Google shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for #cryptojacking and on-premise #ransomware attacks☝️👩‍💻

thehackernews.com/2025/01/trip

Kevin Karhan :verified: kkarhan@infosec.space
2024-12-16

@n_dimension most #Cryptojacking #malware is highly automated in that the attackers merely want to maximize profit and minimize labour, as their operations demand so.

Ideally you'd extract the target wallet address and other parameters like pool / login that their instance of #xmrig uses so it can be attributed, blocked and burned for any future use.

Please let me know of any details, so I can add them to blocklists.

2024-12-06

​A Nebraska man known as CP3O pleaded guilty to operating a large-scale #cryptojacking operation. He admitted that he didn't pay a $3.5 million bill after renting cloud computing time to mine $970k worth of #cryptocurrency☝️☠️

bleepingcomputer.com/news/secu

Kevin Karhan :verified: kkarhan@infosec.space
2024-12-01

@puppygirlhornypost2 @navi And whilst it's easy to blame #GoldenKeyBoot, a leaked #PrivateKey that was impossible to be removed, the problem is that #Windows is architecturally "insecure-able" because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.

  • In fact, everything is done better by #Linux on the #Desktop for almost two decades, which is why classic #Malware isn't a thing on Linux systems.

Sure, you get some #Cryptojacking and some #CMS|es like #WordPress that are constantly being attacked but generally, the way #updates and #distribution of #Software works on Linux Distros for the most part is completely antithetical to Windows.

And anything #Microsoft could do at this point if they weren't horny for money but actually cared is to scrap Windows and instead invest into #Wine to ease the transition...

A comic with a person sitting in front of their laptop, with either Linux, Windows and macOS.

They get a Message: "An Update is available for your computer!"

Linux User: "Cool, more free stuff!"
Windows User: "Not again!"
Mac User: "Oh, only $99!"

Kevin Karhan :verified: kkarhan@infosec.space
2024-11-29

@mook nods in agreement

-I wish for strong #accessibility #laws that mandate shit to work on Browsers like #LynxBrowser over #Tor and explicitly ban any measurements that prevent that from working.

In fact I'd say that @torproject should explicitly set #TorBrowser's security to maximum per default and explicitly explain that there is no legitimate reason for #JS to be used!

The only innovation that JS birthed was #CryptoJacking and other #Malware that runs inside #Browsers and commits #WastefulComputing!

youtube.com/watch?v=vMIZKtVruH

2024-10-14

💥 Did you know? Perfctl malware has been silently mining cryptocurrency on Linux servers for years, undetected. 👀

💡 Pro tip: Always monitor your system for unusual CPU spikes or hidden processes like “httpd” that might be masquerading as legitimate services!

What measures are you taking to detect hidden malware on your servers? 🤔 Share your tips with the community below!👇

🔗 Dive deeper into how Perfctl exploits vulnerabilities and steals resources unnoticed! Check out our full analysis here: guardiansofcyber.com/threats-v

#Cybersecurity #GuardiansOfCyber #Guardians #LinuxSecurity #Cryptojacking #Malware #Perfctl #ServerSecurity #CryptoMining #TOR #TechSecurity

2024-10-01

Cybersecurity researchers have uncovered a new #cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor☝️👩‍💻 #hacking

thehackernews.com/2024/10/new-
