Security Researchers at Imperva Find Monero Crypto Miners Were Leveraging Weak Docker Hosts

According to a new report released by Imperva, a security research firm, crypto miners have been “exploiting hundreds of fragile Docker hosts” associated with the Monero project. As a result, many XMR-based transactions are being obscured, and the data related to these transactions is becoming nearly impossible to trace.

In relation to the matter, a large number of vulnerable Docker hosts are being exploited by miscreants who are taking advantage of certain modules, namely CVE-2019-5736 in runC (which allows for Monero transactions to be meddled with).

More On The Matter

After the exposé of the above-mentioned runC flaw last month, a number of new attacks have commenced on Docker. As part of the flaw, hackers and other third-party entities have the ability to “do whatever they please once they get past the core security wall”.

According to a statement issued by Imperva, the firm used Shodan to find open Docker ports, of which it located nearly 3,822. These ports were found to have had their APIs exposed to the public. Not only that, more than 400 of the above-mentioned ports had IP addresses that “were accessible on the 2735/2736 port-channel”.

“We found that a cryptocurrency miner for a currency called Monero is running most of the exposed Docker remote API IPs. Monero transactions are obfuscated, meaning the source, amount, or destination of a transaction is almost impossible to track.”

It is worth adding that since crypto-jackers have already exposed a plethora of hosts to other miscreants, this vulnerability may be exploited further if the compromised daemons are not patched in time.

Other Key Details Worth Noting

Despite the fact that Imperva’s dev team only highlighted one case of vulnerable Docker daemons, there currently exists a lot of potential for attacks on a number of other compromised servers.

These attacks can include:

  • Masked IP Attacks
  • Phishing campaign hosting services
  • Stealing of sensitive data and credentials

More About Docker

For those of our readers unaware of what a ‘Docker Container’ is, it can be thought of as a “standard unit of software that packages up code and all of its dependencies” so as to help the associated application run faster. The platform has been in the open source community for quite some time now and its containers have been downloaded more than 85 trillion times to date.

On the subject of the Docker Management UI being exposed to external threats, Imperva’s core dev team was quoted as saying:

“It can be useful to expose Docker ports and third-party apps such as ‘portainer’. However, you must ensure that security controls are created that allow interaction with the Docker API only by trusted sources.”
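As an added example (not from Imperva's report or the original article), a defender can audit a host's Docker `daemon.json` for TCP listeners that accept clients without certificate verification, which is the exposure described above. The function names, finding labels, file paths and sample configurations are constructed for illustration; `hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` are the daemon's own configuration keys.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json documents (not taken from the report).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",  # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def is_loopback(hostname):
    """True only for addresses that cannot be reached from another machine."""
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False  # other names and empty hosts are treated as reachable


def audit_daemon_config(text):
    """Return (host, finding) pairs for TCP listeners open to untrusted clients."""
    cfg = json.loads(text)
    # Client authentication needs tlsverify plus the CA and server key material.
    client_auth = bool(cfg.get("tlsverify")) and all(
        cfg.get(key) for key in ("tlscacert", "tlscert", "tlskey"))
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp" or is_loopback(parts.hostname or ""):
            continue  # unix:// and fd:// sockets and loopback binds are local
        if client_auth:
            continue  # only clients holding a certificate from the CA can connect
        # "tls" alone encrypts the channel but still accepts any client.
        findings.append((host, "NO_CLIENT_AUTH" if cfg.get("tls") else "NO_TLS"))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("tls-only", TLS_ONLY), ("hardened", HARDENED)):
        print(name, audit_daemon_config(doc))
```

The daemon can also be given listeners with `-H` flags on its command line, which this check does not see, so the service unit or startup script needs the same review.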
