Hackers Attack Docker Hosts And Install Crypto Miners
Hundreds of Docker hosts with vulnerability in RunC are infected with Monero mining software.
Thousands of available Dockers hosts fell victims of crypto jacking. The hackers attacked them using an exploit for a recently revealed vulnerability CVE-2019-5736 and installed crypto currency miners.
Vulnerability in RunC environment was revealed last month. The hacker can change RunC with its help and launch any commands on host system. Although many vendors eliminated the vulnerability in their products (including Amazon, Google and Docker) and one of RunC main miners released a patch, thousands of Docker daemons are still vulnerable.
According to Imperva’s security researchers, it’s possible to access 400 IP addresses out of 38222 IP-addresses which they found via Shodan search engine. The researchers found Monero miners on all the available hosts.