Docker servers targeted by new Kinsing malware campaign

Image: Aqua

For the past few months, a malware operation has been scanning the internet for Docker servers running API ports exposed on the internet without a password. Hackers are then breaking into unprotected hosts and installing a new crypto-mining malware strain named Kinsing.

Attacks began last year and are still ongoing, according to cloud security firm Aqua Security, which detailed the campaign in a blog post on Friday.

These attacks are just the last in a long list of malware campaigns that have targeted Docker instances — systems that, when compromised, provide hacker groups with unfettered access to vast computational resources.

According to Gal Singer, a security researcher at Aqua, once the hackers find a Docker instance with an exposed API port, they use the access provided by this port to spin up an Ubuntu container, where they download and install the Kinsing malware.

The malware’s primary purpose is to mine cryptocurrency on the hacked Docker instance, but it also comes with secondary functions. These include downloading and running a version of the ClamAV antivirus engine to detect and remove other malware that may be running locally, but also a script that gathers local SSH credentials in an attempt to spread to a company’s container network, to infect other cloud systems with the same malware.

Since Kinsing malware attacks are still ongoing, Aqua recommends that companies review the security settings of their Docker instances and make sure no administrative APIs are exposed online. Such admin endpoints should be either behind a firewall or VPN gateway — if they need to be exposed online — or disabled when not used.

The recent Kinsing malware campaign is just the latest in a long list of attacks from crypto-mining botnets that have targeted Docker instances.

Such attacks first began in the spring of 2018. Aqua and Sysdig were the first companies to detect attacks against Docker systems at the time.

Other attacks and malware followed after that. Reports detailing other attacks against Docker servers have been detailed by Trend Micro (October 2018), Juniper Networks (November 2018), Imperva (March 2019), Trend Micro and Alibaba Cloud (May 2019), Trend Micro again (June 2019), and Palo Alto Networks (October 2019).

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

For a Hedge Against Inflation - Click the Rocket!

E-Crypto News Executive Interviews

Blockchain/Cryptocurrency Questions and Answers

Stressed about crypto
The Worst Places in the World to Buy and Hold Crypto
January 27, 2023
What Are Crypto Index Funds?
What Are Crypto Index Funds?
January 19, 2023
Can You Make Money Anymore With Crypto in 2023?
January 13, 2023
What Is Stagflation And How Does It Affect The Crypto Markets?
What Is Stagflation And How Does It Affect The Crypto Markets?
January 12, 2023
passive crypto
How To Minimize Risks When Investing in Crypto
December 28, 2022

Automated trading with HaasBot Crypto Trading Bots

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin23,108 0.01 % 1.23 % 1.77 %
Ethereum1,598.0 0.11 % 1.77 % 3.81 %
Tether1.001 0.09 % 0.04 % 0.01 %
USD Coin1.000 0.44 % 0.25 % 0.18 %
BNB283.64 0.09 % 0.32 % 2.79 %
XRP0.4687 0.46 % 4.02 % 4.38 %
Binance USD1.000 0.15 % 0.14 % 0.18 %
Cardano0.3887 0.70 % 4.19 % 6.90 %
Dogecoin0.08768 0.18 % 2.94 % 1.40 %
Polygon1.140 0.19 % 5.24 % 11.55 %

Bitcoin (BTC) $ 23,105.19
Ethereum (ETH) $ 1,597.47
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 307.48
XRP (XRP) $ 0.412401
Binance USD (BUSD) $ 1.00
Cardano (ADA) $ 0.389393
Dogecoin (DOGE) $ 0.087631
Polygon (MATIC) $ 1.14