‘Commando Cat’ Digs Its Claws into Exposed Docker Containers

June 6, 2024 at 04:20PM Cybercriminals are exploiting misconfigured Docker containers for cryptojacking, with the recent “Commando Cat” campaign being a prime example. They utilize Docker capabilities to run malicious containers and establish a command-and-control channel for uploading malware. Organizations can mitigate risk by using certified Docker images, avoiding root privileges, conducting security audits, and …

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

June 6, 2024 at 03:59AM Summary: A novel cryptojacking attack campaign called Commando Cat exploits exposed Docker remote API servers to deploy cryptocurrency miners using Docker images from the open-source Commando project. Malicious actors use the cmd.cat/chattr image to gain initial access, employing techniques like chroot and volume binding to access the host system. Recommendations …

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign

February 4, 2024 at 12:19PM A new cryptojacking campaign, Commando Cat, targets exposed Docker API endpoints with multiple payloads, including XMRig cryptocurrency miner. The sophisticated campaign utilizes Docker as an initial access vector, deploys benign containers, and runs various payloads. It also drops additional payloads from a command-and-control server, posing a multi-faceted threat.

‘Commando Cat’ Is Second Campaign of the Year Targeting Docker

February 1, 2024 at 05:30PM Cado researchers discovered “Commando Cat,” a malware campaign targeting exposed Docker API endpoints. This cryptojacking campaign, the second to target Docker, uses the service to mount the host’s filesystem and run various payloads. There are indications of an overlap with other threat groups, suggesting a potential connection. The campaign is …

Cybercrooks Target Docker Containers With Novel Pageview Generator

January 18, 2024 at 03:26PM Cyberattackers are using a new gray-area tool called 9hits Traffic Exchange to generate artificial page views for websites. This tool allows users to buy credits and exchange them for traffic to a specific site, potentially inflating engagement numbers for advertisers. Attackers are targeting Docker services to deploy this tool along …

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

January 18, 2024 at 12:09PM A novel campaign is targeting vulnerable Docker services by deploying XMRig cryptocurrency miner and 9Hits Viewer software to generate revenue. The campaign uses various strategies to drive traffic to websites, breaching servers to deploy malicious containers via Docker API. The impact includes resource exhaustion and potential for a serious breach. …

Docker hosts hacked in ongoing website traffic theft scheme

January 18, 2024 at 06:15AM Attackers have launched a new campaign targeting vulnerable Docker services, deploying an XMRig miner and the 9hits viewer app on compromised hosts for dual monetization. They exploit resources of these systems to drive traffic as part of the 9hits traffic exchange system, showcasing a need for stricter security checks and …