Sign In

Communications of the ACM

ACM TechNews

Docker Servers Targeted by Kinsing Malware Campaign

View as: Print Mobile App Share:
A hacker.

Researchers say a misconfigured API port has led to a months-long campaign in which cybercriminals have been launching daily Kinsing malware attacks that number in the thousands.


Over the past few months, a malware campaign has been scanning the Internet for Docker servers running API ports exposed without a password.

Then, the hackers are breaking into the unprotected hosts and installing a new crypto-mining software called Kinsing, according to researchers at Aqua Security.

After the hackers find a Docker instance with an exposed API port, they use the access to spin up an Ubuntu container, and download and install the Kinsing malware.

In addition to mining cryptocurrency on the hacked Docker instance, the malware runs scripts that remove other malware that may be running locally.

It also gathers local SSH credentials in an effort to spread to a company's container network, in order to infect other cloud systems with the same malware.

From ZDNet
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found