Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.
Over the weekend, according to cybersecurity researchers at Bad Packets, there was what is believed to be a concerted effort by cyber-criminals to scan for known vulnerabilities in Docker deployments. These massive scans, covering over 59 thousand IP networks, are searching for victims. When the scans find a suitable instance, a malicious payload is deployed that includes the crypto-mining engine XMRig, which mines Monero for the attacker’s benefit.
If you run Docker instances, be sure you are running the latest software and lock down the network ports.
Crypto-mining malware is common, but targeting Docker is relatively new, as is the scale of such a coordinated scanning tactic to target victims. As cybercriminals become more organized, this will become the norm. The time between vulnerability release and massive scanning to find victims will narrow, especially in situations where crypto-mining can be deployed for immediate financial gains.