As per reports, threat Actors are exploiting Docker remote API servers to deploy SRBMiner, a crypto miner, on compromised systems, as highlighted in a recent Trend Micro report. The attack begins with a discovery process where public-facing Docker API hosts are identified. After that, the attacker checks for gRPC methods to control various Docker functionalities such as health checks, SSH forwarding, and file synchronization. The key aim is to create containers and use them to mine XRP cryptocurrency by deploying SRBMiner from GitHub. In this campaign, the adversary takes advantage of the gRPC protocol to bypass security measures and gain control of the Docker host. This allows them to execute their crypto mining operations covertly. Trend Micro also observed the exploitation of Docker remote API servers to spread other malware, such as perfctl, which creates a Docker container with a malicious image and Base64-encoded payloads. This payload delivers a binary disguised as a PHP file and launches a further attack.
Microsoft is working on a well-documented problem that makes the classic Outlook mail client crash when it launches for Microsoft 365 customers running Windows. The problem does no...
A newly described attack dubbed CometJacking abuses URL parameters to inject hidden instructions into Perplexity’s Comet AI browser, causing the agent to access and leak sensitiv...
Detour Dog is a long-running campaign that hacks websites and has turned into a system for spreading malware using DNS. At first, it quietly sent visitors to tech-support and ad-fr...