New Crypto-Jacking Malware ‘Graboid’ Infects Thousands of Computers to Mine Monero (XMR)


Palo Alto Networks’ Unit 42 researchers discovered a new crypto-jacking malware that infected over 2,000 victims’ computers.

The malware infects unsuspecting users’ computers to mine Monero (XMR), a privacy-based cryptocurrency. The crypto-jacking worm, named Graboid, spread to unsecured hosts using containers in the Docker Engine (Community Edition).

Docker images spread the crypto-jacking malware

According to a new intelligence report by the Unit 42 team, the Graboid worm targets Docker, a Linux- and Windows-based platform-as-a-service (PaaS) solution that allows users to create, develop and deploy applications in a virtual environment.

The platform, however, is vulnerable to attacks from the newly found malware, which on average mined XMR for 250 seconds, with the miners active 63% of the time.

https://unit42.paloaltonetworks.com/wp-content/uploads/2019/10/Figure-1.-Cryptojacking-worm-activity-overview-1024x556.png

Figure 1. Crypto-jacking malware, Graboid, activity overview. (Source: Palo Alto Networks)

According to the report,

“The attacker compromised an unsecured Docker daemon, ran the malicious Docker container pulled from Docker Hub, downloaded a few scripts and a list of vulnerable hosts from C2 and repeatedly picked the next target to spread the worm.”

After identifying the 2,000+ cases of malicious activity on the Docker Engines (CE), Unit 42 partnered with Docker in a bid to stop the worm from spreading. Jay Chen, Unit 42’s Senior Cloud Vulnerability and Exploit Researcher, hopes tighter security protocols will be set on Docker images to reduce the instances of malware. He said,

“We’re continuing to see instances where the failure to properly configure containers can lead to the loss of sensitive information and as a result, default configurations can be significant security risks for organizations.”
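
A defensive check for the "unsecured Docker daemon" condition the report describes, as an added example that is not code from Unit 42, Docker or this article. It assumes "unsecured" means a `dockerd` TCP listener (`tcp://`) that does not enforce `tlsverify`; the function names and sample inputs are constructed for illustration.

```python
import json
import shlex

# Addresses treated as local-only; anything else is conservatively
# assumed to be reachable from the network.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def collect_settings(daemon_json_text, cmdline):
    """Merge listener and TLS settings from daemon.json text and a dockerd command line."""
    cfg = json.loads(daemon_json_text or "{}")
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg == "--tlsverify" or arg.startswith("--tlsverify="):
            tlsverify = not arg.endswith("=false")
    return hosts, tlsverify

def audit_dockerd(daemon_json_text="{}", cmdline=""):
    """Return one finding per TCP listener that does not require a verified client certificate."""
    hosts, tlsverify = collect_settings(daemon_json_text, cmdline)
    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix/fd sockets, or TCP with client certificates enforced
        addr = host[len("tcp://"):].rsplit(":", 1)[0].strip("[]")
        findings.append({"host": host, "loopback_only": addr in LOOPBACK})
    return findings

if __name__ == "__main__":
    # Constructed sample inputs (not taken from any real host)
    weak = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
    hardened = '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}'
    for label, text in (("weak", weak), ("hardened", hardened)):
        print(label, audit_dockerd(text))
```

Note that `tls` alone encrypts the connection but does not authenticate clients, which is why the check keys on `tlsverify`.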

Hike in crypto-jacking activities

In August, BEG reported that over 850,000 computers were infected with another crypto-jacking software mining Monero on users’ computers. Retadup Monero was quickly stopped by Paris police officers after a tip-off from the software security company Avast.

On Oct. 8, ESET, a security firm, also discovered a new crypto-jacking software rampant in South and Latin America, spreading on users’ computers. Casbaneiro, or Metamorfo, attacks users’ cryptocurrency wallets and banking services to reveal personal information.

Bitcoin Exchange Guide