A new TOR-based cryptojacking campaign targeting misconfigured Docker APIs exhibits advanced propagation and potential for broader attacks, including data theft and DDoS. The Go dropper actively blocks other actors and contains dormant code for exploiting Telnet and Chromium remote debugging, indicating future botnet capabilities. This highlights vulnerabilities in exposed APIs, cloud services, and default credentials.
Latest mentioned: 09-09
Earliest mentioned: 09-09