Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 New Linux Malware Threatens Docker Infrastructure

According to Foresight News, a report by cybersecurity firm Kaspersky has revealed a new Linux malware activity targeting insecure Docker infrastructures. This threat is turning exposed servers into part of a decentralized cryptojacking network mining the privacy coin Dero.

The attack targets Docker daemons whose API is exposed to the internet on TCP port 2375 without authentication. With that access the malware creates new malicious containers and infects the containers already running, stealing their CPU to mine Dero. It also hunts for further targets on its own, with no central command-and-control server. Docker, for context, is a platform that uses operating-system-level virtualization to package and run software in isolated units called containers.

The threat actors behind this operation deploy two Golang-based implants: one named "nginx," deliberately disguised as the legitimate web server of the same name, and another called "cloud," which is the actual Dero miner. Once a host is compromised, the nginx module continuously scans the internet for more vulnerable Docker nodes, using tools such as Masscan to identify targets and deploy new infected containers.

To evade detection, the malware encrypts its configuration data, including wallet addresses and Dero node endpoints, and hides itself in paths typically used by legitimate system software. Kaspersky found that the wallet and node infrastructure match those used in earlier cryptojacking campaigns against Kubernetes clusters in 2023 and 2024, indicating an evolution of a known operation rather than a completely new threat.
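The exposure this campaign relies on is a Docker daemon listening on plain TCP with no client authentication. The script below is an added example written for this page; it is not code from Kaspersky or from the channel. It audits the two standard places dockerd's listeners are configured (the "hosts" key in /etc/docker/daemon.json and the -H/--host flags on the systemd ExecStart line), shows the weak setting beside its TLS-authenticated form, and includes an external probe of the unauthenticated /version endpoint. The sample configurations at the bottom are constructed for illustration.

```python
"""Audit a host for the exposure the Dero campaign abuses: the Docker daemon
API reachable over plain TCP (conventionally port 2375) with no client auth.

Added example, not code from Kaspersky or the channel. Assumes the standard
dockerd configuration locations; the sample configs below are constructed.
"""
import json
import shlex
from urllib.parse import urlsplit
from urllib.request import urlopen

DEFAULT_TCP_PORT = 2375          # dockerd default for a tcp:// host without TLS
ANY_ADDR = {"", "0.0.0.0", "::"}  # bind addresses reachable from every interface


def audit_hosts(hosts, tls_verify):
    """Return findings for every tcp:// listener in `hosts`.

    unix:// and fd:// listeners are local-only and skipped. A tcp:// listener
    without --tlsverify is unauthenticated: anyone who can reach it can create
    containers, which is all this campaign needs.
    """
    findings = []
    for h in hosts:
        if not h.startswith("tcp://"):
            continue
        u = urlsplit(h)
        addr = u.hostname or ""
        port = u.port or DEFAULT_TCP_PORT
        wide_open = addr in ANY_ADDR
        if not tls_verify:
            sev = "CRITICAL" if wide_open else "HIGH"
            findings.append(f"{sev} {addr or '*'}:{port} unauthenticated Docker API")
        elif wide_open:
            findings.append(f"INFO {addr}:{port} TLS client auth on; protect the CA key")
    return findings


def audit_daemon_json(text):
    """Audit the JSON body of /etc/docker/daemon.json."""
    cfg = json.loads(text)
    return audit_hosts(cfg.get("hosts", []), bool(cfg.get("tlsverify", False)))


def audit_exec_start(line):
    """Parse an 'ExecStart=/usr/bin/dockerd ...' unit line for -H/--host and --tlsverify."""
    argv = shlex.split(line.split("=", 1)[1])
    hosts, tls_verify = [], False
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif tok.startswith("--host="):
            hosts.append(tok[len("--host="):])
        elif tok.startswith("-H") and len(tok) > 2:      # -Htcp://... form
            hosts.append(tok[2:])
        elif tok in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        i += 1
    return audit_hosts(hosts, tls_verify)


def probe_docker_api(host, port=DEFAULT_TCP_PORT, timeout=3.0):
    """External check: an unauthenticated daemon answers GET /version with JSON.
    Returns the reported Docker version, or None if nothing answered.
    Run only against hosts you are authorised to test."""
    try:
        with urlopen(f"http://{host}:{port}/version", timeout=timeout) as resp:
            return json.load(resp).get("Version")
    except (OSError, ValueError):
        return None


# Constructed samples: the weak setting beside its corrected form.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,                       # require a client cert signed by the CA
    "tlscacert": "/etc/docker/ca.pem",       # assumed paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
WEAK_EXEC_START = "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375"

if __name__ == "__main__":
    for label, findings in [
        ("weak daemon.json", audit_daemon_json(WEAK_DAEMON_JSON)),
        ("hardened daemon.json", audit_daemon_json(HARDENED_DAEMON_JSON)),
        ("weak ExecStart", audit_exec_start(WEAK_EXEC_START)),
    ]:
        print(label, findings or ["no tcp listeners"])
```

A HIGH finding for a loopback-only listener is deliberate: a container running with host networking, or any local process, can still reach it. The fix is the hardened form above (TLS with client verification on 2376) or, better, no TCP listener at all, with remote access over SSH (`DOCKER_HOST=ssh://user@host`).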


#Linux #Malware #Docker #Cryptojacking #Cybersecurity #Kaspersky #Dero #Golang #Virtualization #Containers #Kubernetes
🚀 Supply Chain Attack Targets PyPI Package LiteLLM with Malicious Code

A recent supply chain attack compromised the PyPI package LiteLLM, which is downloaded approximately 97 million times a month. According to NS3.AI, the malicious version of the package was built to steal sensitive information: SSH keys, cloud credentials, Kubernetes files, git credentials, environment variables, cryptocurrency wallets, SSL private keys, CI/CD keys, and database passwords. The attack was short-lived; the malicious version was available for less than an hour. A bug in the implant caused developer Callum McMahon's machine to run out of memory and crash, which inadvertently exposed the attack.

#SupplyChainAttack #PyPI #LiteLLM #MaliciousCode #CyberSecurity #DataBreach #CloudSecurity #Kubernetes #CryptoSecurity #CI_CD #DatabaseSecurity