
New hacking campaign against Docker hosts detailed

Attackers have been compromising vulnerable Docker services with the XMRig cryptocurrency mining malware and the 9Hits Viewer software as part of a novel hacking campaign that not only exfiltrates cryptocurrency but also generates fake website traffic, The Hacker News reports. Susceptible Docker servers, potentially identified through a Shodan search, have been breached to deploy containers carrying the cryptominer and the viewer application, a report from Cado Security Labs showed. The cryptominer uses available CPU resources and establishes a connection with a private mining pool to obfuscate the campaign, while the viewer application uses the remaining resources, limiting the performance of impacted servers. "The result of this is that legitimate workloads on infected servers will be unable to perform as expected. In addition, the campaign could be updated to leave a remote shell on the system, potentially causing a more serious breach," said security researcher Nate Bill.
