Alert! Docker Servers Become New Target for Dero Mining Zombie Network
Cybersecurity Alert: A new type of self-propagating malware is globally attacking Docker infrastructure, turning it into a mining tool for the privacy cryptocurrency Dero. Attackers exploit exposed Docker APIs (port 2375) to infiltrate, implanting malicious programs disguised as nginx and specialized mining software.
This malware has self-propagation capabilities, and infected servers automatically scan and attack other exposed Docker instances, forming a decentralized zombie network. Security data shows that over 520 Docker servers worldwide still have this vulnerability.
Through trace analysis, this attack shares the same infrastructure as several mining attacks targeting Kubernetes clusters since 2023, indicating that hacker organizations are expanding their attack range. Enterprises must immediately check Docker configurations to guard against such automated attacks.
