Docker environments have been subjected to a novel cryptojacking malware campaign that facilitated cryptomining by establishing a link to the Web3 service teneo.pro, which allows social media data monetization, Infosecurity Magazine reports.
Attacks commence with a container launch request on Docker Hub, enabling the execution of the ten.py script, which leads to the deployment of a heavily obfuscated Python payload. The payload seeks to obtain 'teneo points' that are then converted into private cryptocurrency tokens, according to a report from Darktrace and Cado Security Labs researchers. "Typically, traditional cryptojacking attacks rely on using XMRig to directly mine cryptocurrency, however as XMRig is highly detected, we now see attackers shifting to alternative methods of generating crypto," said researchers, who called on system administrators to prohibit unnecessary access to Docker environments, as well as to implement robust authentication and firewall systems to prevent potential compromise in Docker-based attacks.