Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

June 7, 2024 at 01:48AM

Commando Cat, a threat actor, is behind a cryptojacking campaign leveraging poorly secured Docker instances to deploy cryptocurrency miners. The attacks involve targeting misconfigured Docker remote API servers and using Docker images to deploy cryptojacking scripts, evading detection by security software. Additionally, Chinese-speaking threat actors exploit ThinkPHP applications to deliver …

‘Commando Cat’ Digs Its Claws into Exposed Docker Containers

June 6, 2024 at 04:20PM

Cybercriminals are exploiting misconfigured Docker containers for cryptojacking, with the recent “Commando Cat” campaign being a prime example. They utilize Docker capabilities to run malicious containers and establish a command-and-control channel for uploading malware. Organizations can mitigate risk by using certified Docker images, avoiding root privileges, conducting security audits, and …

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

June 6, 2024 at 03:59AM

Summary: A novel cryptojacking attack campaign called Commando Cat exploits exposed Docker remote API servers to deploy cryptocurrency miners using Docker images from the open-source Commando project. Malicious actors use the cmd.cat/chattr image to gain initial access, employing techniques like chroot and volume binding to access the host system. Recommendations …

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign

February 4, 2024 at 12:19PM

A new cryptojacking campaign, Commando Cat, targets exposed Docker API endpoints with multiple payloads, including XMRig cryptocurrency miner. The sophisticated campaign utilizes Docker as an initial access vector, deploys benign containers, and runs various payloads. It also drops additional payloads from a command-and-control server, posing a multi-faceted threat. …

‘Commando Cat’ Is Second Campaign of the Year Targeting Docker

February 1, 2024 at 05:30PM

Cado researchers discovered “Commando Cat,” a malware campaign targeting exposed Docker API endpoints. This cryptojacking campaign, the second to target Docker, uses the service to mount the host’s filesystem and run various payloads. There are indications of an overlap with other threat groups, suggesting a potential connection. The campaign is …