Cybersecurity researchers have detailed a malware campaign that targets Docker environments with a previously undocumented approach to mining cryptocurrency.
The activity cluster, per Darktrace and Cado Security, is a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit from compute resources.
This campaign instead deploys a malware strain that connects to a Web3 service called Teneo, a decentralized physical infrastructure network (DePIN) that lets users monetize public social media data by running a Community Node in exchange for rewards called Teneo Points, which can be converted to Teneo tokens.
The node essentially functions as a distributed social media scraper that extracts posts from Facebook, X, Reddit and TikTok.
Analysis of artifacts collected from its honeypots showed that the attack begins with a request to launch a container image, "kazutod/tene:ten", from the Docker Hub registry. The image was uploaded two months ago and has been downloaded 325 times to date.
The container image is designed to run an embedded Python script that is heavily obfuscated and requires 63 iterations to unpack the actual code, which sets up a connection to teneo[.]pro.
“The malware script simply connects to the WebSocket and sends pings to get more points from Teneo and does no actual scraping,” Darktrace said in a report shared with The Hacker News. “Based on the website, most of the rewards are gated behind the number of heartbeats, which is likely why this works.”
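The container launch request described above is visible in the Docker daemon's event stream. The following is an added detection sketch, not code from Darktrace, Cado Security or the original article: it triages `docker events --format '{{json .}}'` output for the image reference named in the article (written in the lowercase form Docker requires) and for any image outside an allowlist. The allowlist prefix and the sample events are constructed assumptions.

```python
import json

KNOWN_BAD = {"kazutod/tene:ten"}  # image reference reported in the article
ALLOWED_PREFIXES = ("registry.internal.example/",)  # assumed site policy

# Constructed sample of `docker events --format '{{json .}}'` output.
SAMPLE_EVENTS = """\
{"Type":"image","Action":"pull","Actor":{"ID":"kazutod/tene:ten","Attributes":{"name":"kazutod/tene"}},"time":1745000000}
{"Type":"container","Action":"create","Actor":{"ID":"c1","Attributes":{"image":"docker.io/kazutod/tene:ten","name":"n1"}},"time":1745000004}
{"Type":"container","Action":"start","Actor":{"ID":"c2","Attributes":{"image":"registry.internal.example/web:1.4","name":"web"}},"time":1745000050}
{"Type":"container","Action":"create","Actor":{"ID":"c3","Attributes":{"image":"alpine","name":"n3"}},"time":1745000090}
{"Type":"container","Action":"crea
""".splitlines()

def normalize(ref):
    """Drop Docker Hub default prefixes and add the implicit :latest tag."""
    for prefix in ("index.docker.io/", "docker.io/", "library/"):
        if ref.startswith(prefix):
            ref = ref[len(prefix):]
    last = ref.rsplit("/", 1)[-1]
    return ref if (":" in last or "@" in last) else ref + ":latest"

def triage(lines):
    """Return (severity, action, image, time) for pulls/creates/starts worth review."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON log lines
        if not isinstance(ev, dict):
            continue
        actor = ev.get("Actor") or {}
        kind, action = ev.get("Type"), ev.get("Action")
        if kind == "image" and action == "pull":
            ref = actor.get("ID", "")
        elif kind == "container" and action in ("create", "start"):
            ref = (actor.get("Attributes") or {}).get("image", "")
        else:
            continue
        image = normalize(ref)
        if image in KNOWN_BAD:
            findings.append(("known-bad", action, image, ev.get("time")))
        elif not image.startswith(ALLOWED_PREFIXES):
            findings.append(("unlisted", action, image, ev.get("time")))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Normalizing the reference first means the same image is matched whether it was requested with or without the `docker.io/` prefix.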
The campaign resembles another threat activity cluster that is known to infect misconfigured Docker instances with the 9Hits Viewer software to generate traffic to certain sites in exchange for credits.
The intrusion set is also similar to other bandwidth-sharing schemes such as proxyjacking, which involve downloading specific software to share unused internet resources for some financial incentive.
“Typically, traditional cryptojacking attacks rely on using XMRig to directly mine cryptocurrency, however, as XMRig is highly detected, attackers are shifting to alternative methods of generating crypto,” Darktrace said. “Whether this is more profitable remains to be seen.”
The disclosure comes as Fortinet FortiGuard Labs revealed a new botnet, called RustoBot, that is spreading through security flaws in TOTOLINK (CVE-2022-26210 and CVE-2022-26187) and DrayTek (CVE-2024-12987) devices with the aim of conducting DDoS attacks. The exploitation efforts have been found to focus primarily on the technology sector in Japan, Taiwan, Vietnam and Mexico.
“IoT and network devices are often poorly protected endpoints, making them attractive targets for exploitation and malware,” security researcher Vincent Lee noted. “Strengthening endpoint monitoring and authentication can significantly reduce the risk of exploitation and help mitigate malware.”