Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks


Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.

Key Points:

Attack Details:
• The attackers used the gRPC protocol over h2c (cleartext HTTP/2) to evade security solutions and run crypto mining on Docker hosts.
• Their initial steps were to check the Docker API version and then request a gRPC/h2c upgrade, which gave them a channel for driving Docker functions.

Exploitation by Cybercriminals:
• They ran a discovery process for public-facing Docker API hosts and for hosts that accept HTTP/2 protocol upgrades.
• They then sent gRPC requests to create containers and mine XRP cryptocurrency using SRBMiner.

Impact and Risks:
• Carrying gRPC over h2c let the attackers bypass security layers that inspect only conventional HTTP/1.1 API traffic.
• The same activity was also observed deploying the perfctl malware through Docker containers, with a Base64-encoded payload masquerading as a PHP file.

Defense Strategies:
• Implement strong access controls and authentication mechanisms for Docker remote API servers.
• Monitor for unusual activities and follow container security best practices.
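As an added example (not code from the Trend Micro report or from this post), the following Python detector looks for the staged request pattern described above in request logs from a reverse proxy placed in front of a Docker remote API: an API version probe, then an h2c upgrade or gRPC content type, then a container-creation request from the same client. The log layout, the client addresses and the `/grpc` path are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample request log (not a real dockerd log format). Fields:
# timestamp client method path protocol upgrade=<header> ctype=<content-type>
SAMPLE_LOG = """\
2024-10-20T10:00:01Z 203.0.113.5 GET /v1.43/version HTTP/1.1 upgrade=- ctype=-
2024-10-20T10:00:02Z 203.0.113.5 POST /grpc HTTP/1.1 upgrade=h2c ctype=application/grpc
2024-10-20T10:00:04Z 203.0.113.5 POST /v1.43/containers/create HTTP/2 upgrade=- ctype=application/grpc
2024-10-20T10:01:00Z 10.0.0.7 GET /v1.43/containers/json HTTP/1.1 upgrade=- ctype=application/json
2024-10-20T10:02:00Z 198.51.100.9 GET /v1.43/version HTTP/1.1 upgrade=- ctype=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>\S+) "
    r"upgrade=(?P<upgrade>\S+) ctype=(?P<ctype>\S+)$"
)


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def detect_h2c_grpc_abuse(log_text):
    """Per client, record which stages of the pattern were seen:
    a version/ping probe, an h2c upgrade or gRPC content type, and a
    container-creation request. Returns {client: sorted stage names} for
    every client that reached the h2c/gRPC stage; a bare version probe
    (common from legitimate clients) is not enough on its own."""
    stages = defaultdict(set)
    for r in parse(log_text):
        c = r["client"]
        if r["path"].endswith("/version") or r["path"].endswith("/_ping"):
            stages[c].add("version_probe")
        if r["upgrade"].lower() == "h2c" or r["ctype"].startswith("application/grpc"):
            stages[c].add("h2c_grpc")
        if "/containers/create" in r["path"]:
            stages[c].add("container_create")
    return {c: sorted(s) for c, s in stages.items() if "h2c_grpc" in s}


if __name__ == "__main__":
    for client, hits in detect_h2c_grpc_abuse(SAMPLE_LOG).items():
        print(f"ALERT {client}: {' -> '.join(hits)}")
```

Clients that only probe the version (198.51.100.9) or use the ordinary JSON API (10.0.0.7) are not flagged; only the client that moved on to an h2c/gRPC upgrade and created a container is.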
