Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • May 28, 2025

    • SMB/Windows Admin Shares
    • Unix Shell
    • Docker
    • Exploitation For Client Execution
    • Remote System Discovery
    • Lateral Tool Transfer
    • Network Service Discovery
    • Resource Hijacking
    • Change Default File Association
    • United States
    • Deploy Container
    • External Remote Services
    • Exploit Public-Facing Application
    • Ingress Tool Transfer
    • Business Services
    • Web Protocols
    • Escape To Host
    • North America
    • Obfuscated Files Or Information
    • Match Legitimate Name Or Location

    Cryptojacking Campaign Targets Misconfigured Docker APIs

    A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.

  • May 28, 2025

    • Bitdefender
    • Resource Hijacking
    • Europe
    • Venom RAT
    • Cameleon
    • Financial Theft
    • Eastern Europe
    • Business Services
    • Romania

    New Malicious Campaign Exploits Fake Antivirus Website to Distribute Venom RAT

    Cybersecurity researchers have uncovered a malicious campaign that utilizes a fraudulent website masquerading as Bitdefender's antivirus software to distribute a remote access trojan known as Venom RAT. The site, bitdefender-download[.]com, tricks users into downloading a zip file containing malware disguised as an installer. This campaign aims to compromise victims' credentials and crypto wallets, highlighting a trend of sophisticated, modular malware that leverages open-source components for more effective attacks.
