Close Menu
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
What's Hot

Can KAITO sustain its 13% rally before $14.9mln token unlock?

July 17, 2026

What Happens If Your Exchange Isn’t Approved

July 17, 2026

How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users

July 17, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook X (Twitter) Instagram
CryptoPulseDaily.com
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
CryptoPulseDaily.com
Home»Security and Privacy»Crypto-Mining Botnet Goes After Misconfigured Docker APIs
Crypto-Mining Botnet Goes After Misconfigured Docker APIs
Security and Privacy

Crypto-Mining Botnet Goes After Misconfigured Docker APIs

June 23, 2023No Comments2 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

A notorious cryptocurrency mining botnet has begun targeting misconfigured Docker APIs, according to CrowdStrike.

LemonDuck has been observed exploiting ProxyLogon vulnerabilities in Microsoft Exchange Server and using EternalBlue and other exploits to mine cryptocurrency, escalate privileges and move laterally inside compromised networks.

Now its attention has turned to one of the world’s most popular containerization platforms.

The botnet is targeting exposed Docker APIs in order to gain initial access, CrowdStrike explained.

“It runs a malicious container on an exposed Docker API by using a custom Docker Entrypoint to download a ‘core.png’ image file that is disguised as Bash script,” it said in a blog post yesterday.

Before the payload – an “a.asp” file – is downloaded and mining can begin, it performs several actions, including killing the processes, IOC file paths and C&C connections of competing crypto-mining groups.

The a.asp file also has the capability to switch off Alibaba’s cloud monitoring service in order to fly under the radar of network defenders.

LemonDuck attempts to move laterally by searching for SSH keys on a filesystem, using them to log into additional servers and run its malicious scripts.

The researchers also found multiple campaigns running from many of the C&C servers associated with LemonDuck, including ones targeting Windows and Linux machines.

“Due to the cryptocurrency boom in recent years, combined with cloud and container adoption in enterprises, cryptomining is proven to be a monetarily attractive option for attackers,” CrowdStrike concluded.

“Since cloud and container ecosystems heavily use Linux, it drew the attention of the operators of botnets like LemonDuck, which started targeting Docker for cryptomining on the Linux platform.”

See also  Tether-Backed Northern Data Striking Deals To Sell Its Crypto-Mining Arm: Bloomberg

The campaign highlights the need for administrators to ensure their container environments are correctly configured according to industry best practices, and ideally with cloud workload security and detection and response tools installed.

Source link

APIs Botnet Cryptomining Docker Misconfigured
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users

July 17, 2026

Modular macOS Stealer Uses Kill Loops to Force Password Entry

July 16, 2026

Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

July 13, 2026

Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

July 13, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Senators Probe Trump Token Activity as Political and Financial Risks Emerge

April 13, 2026

Battle for Ankhos’ RPG Mashes Up Discord, Generative AI, and Solana NFTs

July 27, 2023

Assassin’s Creed NFTs: Smart Collectibles Bridging Gaming & Blockchain

May 20, 2023

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Crypto, ICOs, Web3, Blockchain and more.

We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Can KAITO sustain its 13% rally before $14.9mln token unlock?

July 17, 2026

What Happens If Your Exchange Isn’t Approved

July 17, 2026

How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users

July 17, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Crypto Pulse Daily - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.

Cleantalk Pixel
  • bitcoinBitcoin(BTC)$63,112.00-1.33%
  • ethereumEthereum(ETH)$1,831.26-2.25%
  • tetherTether(USDT)$1.00-0.01%
  • binancecoinBNB(BNB)$562.45-2.41%
  • usd-coinUSDC(USDC)$1.000.01%
  • rippleXRP(XRP)$1.08-2.16%
  • solanaSolana(SOL)$74.53-1.85%
  • tronTRON(TRX)$0.322449-0.22%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.02-1.68%
  • HyperliquidHyperliquid(HYPE)$60.01-8.78%