Thursday, March 28, 2024

Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency

Researchers observed a malicious Docker Hub account, “azurenql” that was active since October 2019 hosting malicious images to mine cryptocurrency, Monero.

According to wallet IDs, it was found the attacker earned 525.38 XMR, which roughly around 30000 USD based on today’s dollar price.

Docker is nothing but OS-level virtualization to deliver software in packages called containers. The dockers are popular nowadays, its popularity abused by attackers to make money by cryptojacking.

Malicious Docker Accounts

Researchers observed identified a user account named “azurenql” contains eight repositories hosting six malicious Monero mining images.

Docker Hub Account

Paloalto researchers observed that top image with Docker Hub account was pulled more than 1.47 million times. The base images use Ubuntu 16.04.6 LTS operating system.

To anonymize the traffic attackers uses Tor and it is configured to listen on its default port, 9050, here is the flow.

Docker Hub Account

Attackers used two methods to mine cryptocurrency by running these malicious images in the user’s environment.

Method 1: In the first method attackers directly submitting the mined blocks to the central minexmr pool using a wallet ID.

Method 2: In the second method attackers instances deployed on a hosting service running their mining pool that is used to collect mined blocks.

Researchers observed that wallet ID is still used and the recent mining activity for this wallet in April and May 2020.

Cryptomining attacks are increasing rapidly, attackers use to compromise servers, personal computers, Chrome extensions, and web portals to mine cryptocurrencies such as Monero.

The malicious activity was reported by Unit42 researchers to Docker Hub security and the malicious accounts taken down quickly.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles