🚀 New Linux Malware Threatens Docker Infrastructure
#Linux #Malware #Docker #Cryptojacking #Cybersecurity #Kaspersky #Dero #Golang #Virtualization #Containers #Kubernetes
According to Foresight News, a report by cybersecurity firm Kaspersky has revealed a new Linux malware campaign targeting insecure Docker infrastructure. The threat turns exposed servers into part of a decentralized cryptojacking network mining the privacy coin Dero.
The attack exploits the publicly accessible Docker API on port 2375. Once access is gained, the malware creates malicious containers and infects running containers to steal system resources for mining Dero. It also scans for other targets without needing a central command server. Docker is a set of platform tools and products that use operating system-level virtualization to deliver software in small packages known as containers.
The threat actors behind this operation have deployed two Golang-based implants: one named "nginx," which is deliberately disguised as legitimate web server software, and another called "cloud," which is the actual mining software for generating Dero. Once a host is compromised, the nginx module continuously scans the internet for more vulnerable Docker nodes, using tools like Masscan to identify targets and deploy new infected containers.
To evade detection, the malware encrypts configuration data, including wallet addresses and Dero node endpoints, and hides itself in paths typically used by legitimate system software. Kaspersky found that the wallet and node infrastructure are the same as those used in earlier cryptojacking activities targeting Kubernetes clusters in 2023 and 2024, indicating an evolution of a known operation rather than a completely new threat.
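A host-side check for the exposure described above, added here as an example and not taken from Kaspersky's report: it reads a daemon.json body and a dockerd command line and flags any tcp:// listener that does not require client certificates. The function names and the sample inputs are constructed for illustration.

```python
import ipaddress
import json
import shlex
from urllib.parse import urlsplit

def tcp_listeners(daemon_json, cmdline):
    """Return (tcp:// hosts, tlsverify) merged from daemon.json and dockerd args."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = cfg.get("tlsverify") is True
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return [h for h in hosts if h.startswith("tcp://")], tlsverify

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host or a hostname: treat as reachable from outside

def audit(daemon_json, cmdline):
    """List (severity, listener) for every TCP listener lacking client-cert auth."""
    hosts, tlsverify = tcp_listeners(daemon_json, cmdline)
    if tlsverify:
        return []  # clients must present a certificate signed by the configured CA
    findings = []
    for h in hosts:
        host = urlsplit(h).hostname or ""
        findings.append(("warning" if is_loopback(host) else "critical", h))
    return findings

# Constructed sample inputs (not taken from the report).
EXPOSED_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_CMDLINE = "dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem"
LOCAL_CMDLINE = "dockerd -H tcp://127.0.0.1:2375"

if __name__ == "__main__":
    for name, (cfg, cmd) in {"exposed": (EXPOSED_JSON, "dockerd"),
                             "tls": ("", TLS_CMDLINE),
                             "local": ("", LOCAL_CMDLINE)}.items():
        print(name, audit(cfg, cmd))
```

A listener with only "tls": true is still reported, because encryption without tlsverify does not authenticate the client.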
🚀 Cryptojacking Campaign Targets Russian Devices, Mining Cryptocurrency
#cryptojacking #cybersecurity #malware #phishing #cryptocurrency #hacking #Kaspersky #LibrarianGhouls #RareWerewolf #hacktivism #Russia #Belarus #Kazakhstan
According to Cointelegraph, the hacker group known as Librarian Ghouls, also referred to as Rare Werewolf, has compromised hundreds of Russian devices to mine cryptocurrency in a cryptojacking scheme. Cybersecurity firm Kaspersky reports that the group gains access to systems through phishing emails laden with malware, masquerading as official documents or payment orders from legitimate organizations. Once a computer is infected, the hackers establish remote connections, disable security systems like Windows Defender, and program the device to operate between 1 am and 5 am. During this time, they steal login credentials and gather information about the device's RAM, CPU cores, and GPUs to configure the crypto miner optimally.
The campaign, which began in December 2024, has affected numerous Russian users, particularly in industrial enterprises and engineering schools, with additional victims in Belarus and Kazakhstan. The origin of the group remains unclear, but Kaspersky notes that the phishing emails are composed in Russian and include archives with Russian filenames, suggesting that the primary targets are likely based in Russia or speak Russian. The hackers maintain a connection to the mining pool, sending requests every 60 seconds, and continuously refine their tactics, which include data exfiltration, deployment of remote access tools, and use of phishing sites for email account compromise.
Kaspersky speculates that the Librarian Ghouls might be hacktivists, using hacking as a form of civil disobedience to promote a political agenda. This speculation is based on their reliance on legitimate third-party utilities rather than developing their own malicious binaries. The duration of the group's activity is uncertain, but another Russian cybersecurity firm, BI.ZONE, reported on November 23 that Rare Werewolf has been active since at least 2019. The ongoing cryptojacking campaign highlights the evolving tactics of cybercriminals and the importance of robust cybersecurity measures to protect against such threats.
🚀 Monero Mining Malware Targets Thousands of Websites
#Monero #Mining #Malware #Cybersecurity #Cryptojacking #WebSecurity #XMR #Hackers #Ecommerce
According to BlockBeats, cybersecurity researchers from c/side have identified a resurgence of malicious Monero (XMR) mining software affecting numerous websites. This new wave of cryptojacking has infiltrated at least 3,500 sites, deploying hidden Monero mining scripts. Unlike traditional cryptojacking methods, these malicious programs evade detection by limiting CPU usage and concealing traffic within WebSocket streams. Hackers are employing a 'low-profile, slow-mining' strategy, specifically targeting unpatched websites and e-commerce servers.
🚀 Cryptojacking and Crypto Attacks Cost $127M in September, Down 22% From August
#Crypto #Cryptojacking #CryptoAttacks #Web3 #DeFi #Blockchain #CyberSecurity #PeckShield #Hacks #Exploits #SwissBorg #UXLINK #VenusProtocol #Yala #GriffAI #CryptoLosses #CryptoSecurity #CryptoNews #XVS
Key Takeaways:
- Web3 security firm PeckShield reported $127.06M in losses from crypto attacks in September, down from $163M in August (a 22% drop).
- Around 20 large-scale exploits were recorded, with UXLINK and SwissBorg among the hardest hit.
- Despite the decline, crypto security remains a pressing risk as hackers continue to target DeFi and Web3 protocols.

Crypto Attacks Decline in September
According to data published by PeckShield on X (formerly Twitter), losses from crypto security incidents in September 2025 totaled approximately $127.06 million, reflecting a 22% decrease from August’s $163 million.
The decline marks a rare pullback after months of sustained attacks on the Web3 sector, though the figures still highlight the ongoing vulnerabilities across DeFi and blockchain platforms.

Major Incidents in September
PeckShield identified around 20 major hacks and exploits during the month. The largest cases included:
- UXLINK – Losses of $44.14M
- SwissBorg – Losses of $41.5M
- Venus Protocol – Losses of $13.5M (later recovered)
- Yala – Losses of $7.64M
- GriffAI – Losses of $3M
These incidents underscore the continued targeting of cross-chain protocols, DeFi lending platforms, and AI-integrated crypto projects.

Market Implications
While the 22% decline in stolen funds is a positive signal for security efforts, experts caution that attack sophistication is rising. Many protocols now face phishing-based exploits, private key leaks, and governance manipulation, in addition to traditional smart contract vulnerabilities.
PeckShield’s report highlights that recoveries like Venus’ $13.5M case also play a role in lowering net monthly losses, but the overall risk landscape for investors remains elevated.
September’s $127M in crypto attack losses shows progress in industry defense mechanisms, but with over 20 major incidents, security in DeFi and Web3 remains a critical concern.
Investors are urged to remain cautious, conduct due diligence, and track protocol-level security updates closely.