Terror Spreads! New Malware Sweeps Docker, Your Server May Be "Mining for Free"
Recently, security researchers discovered a new type of Linux malware attacking unprotected Docker servers, turning them into "miners" for the privacy coin Dero. This malware infiltrates through the exposed Docker API port (2375) and deploys two malicious programs: one disguised as an nginx web server and the other responsible for mining.
After infection, the controlled servers automatically scan the internet for new targets and spread the malware, forming a self-propagating attack network. According to statistics, there are still over 520 Docker servers globally exposed through port 2375, facing high risk.
It is worth noting that the wallets and node infrastructure used in this attack are the same as those used in attacks on Kubernetes clusters in 2023-2024, so the same hacker organization is suspected of being behind both. Experts remind businesses to promptly check their Docker configurations and close unnecessarily exposed API ports.