Docker instances targeted in major cryptojacking scam


A new cryptojacking campaign has been spotted leveraging poorly-secured Docker remote API servers, experts have claimed.

Cybersecurity researchers from Trend Micro have detailed a campaign they dubbed "Commando Cat" because it uses the open-source on-demand container generation project Commando. The campaign has apparently been active since early 2024.

"The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham Singh said in the blog post.

Generating cryptocurrency

In it, the attackers go after misconfigured Docker remote API servers and deploy a Docker image named cmd.cat/chattr. From that image they create a container instance which, by means of the chroot command, is able to gain access to the host operating system.

Finally, the attacker uses a shell script that runs either a curl or a wget command to retrieve the malicious binary from the C2 server. The researchers believe the binary to be ZiggyStarTux, an open-source IRC bot built on the Kaiten malware.
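For defenders, the exposure described above comes down to two things that can be checked: a Docker daemon whose remote API listens on plain TCP without client-certificate verification, and a container spec that mounts the host's root filesystem and runs chroot against it. The script below is an added example, not code from the article or from Trend Micro; the daemon.json fragments and the `docker inspect`-style container records are constructed samples, and the field names follow Docker's own configuration and inspect output formats.

```python
"""
Audit helper for the exposure pattern in the Commando Cat write-up:
  1. a Docker remote API reachable over TCP without TLS client verification
  2. a container that bind-mounts the host root and uses chroot to reach it
Added example; all inputs below are constructed samples.
"""
import json

# Constructed sample: daemon.json exposing the API on plain TCP (the weak setting)
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample: corrected daemon.json, TCP only with mutual TLS
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed subset of `docker inspect` output shaped like the reported abuse:
# image from cmd.cat, host root bind-mounted, chroot in the command.
SUSPECT_CONTAINER = {
    "Config": {"Image": "cmd.cat/chattr", "Cmd": ["chroot", "/host", "sh"]},
    "HostConfig": {"Privileged": False, "Binds": ["/:/host"]},
}

# Constructed benign record for comparison
BENIGN_CONTAINER = {
    "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
    "HostConfig": {"Privileged": False,
                   "Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
}


def daemon_findings(daemon_json: str) -> list[str]:
    """Return a list of problems with a daemon.json document (empty = fine)."""
    cfg = json.loads(daemon_json)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    # A TCP listener is only acceptable when the daemon verifies client certs.
    if tcp_hosts and not (cfg.get("tls") and cfg.get("tlsverify")):
        findings.append(
            f"remote API on {', '.join(tcp_hosts)} without tlsverify")
    return findings


def container_findings(spec: dict) -> list[str]:
    """Flag inspect-style container records matching the host-escape pattern."""
    findings = []
    image = spec["Config"].get("Image", "")
    if image.startswith("cmd.cat/"):
        findings.append(f"image pulled from cmd.cat: {image}")
    for bind in spec["HostConfig"].get("Binds", []) or []:
        # Binds are "host_path:container_path[:options]"
        if bind.split(":")[0] == "/":
            findings.append(f"host root filesystem mounted: {bind}")
    if spec["HostConfig"].get("Privileged"):
        findings.append("privileged container")
    if "chroot" in (spec["Config"].get("Cmd") or []):
        findings.append("chroot in container command")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_DAEMON_JSON),
                      ("hardened", HARDENED_DAEMON_JSON)):
        print(name, daemon_findings(doc))
    for name, spec in (("suspect", SUSPECT_CONTAINER),
                       ("benign", BENIGN_CONTAINER)):
        print(name, container_findings(spec))
```

In practice `container_findings` would be fed the JSON from `docker inspect` for each running container, and `daemon_findings` the contents of `/etc/docker/daemon.json`; the hardened fragment keeps a TCP listener only because `tlsverify` is set, and removing the `tcp://` entry altogether is the simplest fix where remote access is not needed.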

"The significance of this attack campaign lies in its use of Docker images to deploy cryptojacking scripts on compromised systems," the researchers said. "This tactic allows attackers to exploit vulnerabilities in Docker configurations while evading detection by security software."

The goal of the campaign is to generate cryptocurrency for the attackers. The malware being deployed is a cryptominer, a lightweight program that “mines” cryptocurrency, usually Monero (XMR). “Mining” is a colloquial term for complex operations that usually take up almost all of the machine’s computing power.

As a result, the computer slows down and is unable to perform the tasks it was set up to do. Furthermore, with mining being so compute-intensive, it can run up quite the electricity bill. The victim ends up with a useless computer and an inflated electricity bill, while the attackers walk away with newly generated cryptocurrency.

Luckily enough, a crypto miner is easy to spot, since the computer is basically rendered useless while the program operates.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
