MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
docker
Recherche

A Crypto-Mining Botnet Is Now Stealing Docker and AWS Credentials

samedi 9 janvier 2021, 00:20 , par Slashdot
An anonymous reader quotes a report from ZDNet: Analysts from security firm Trend Micro said in a report today that they've spotted a malware botnet that collects and steals Docker and AWS credentials. Researchers have linked the botnet to a cybercrime operation known as TeamTNT; a group first spotted over the 2020 summer installing cryptocurrency-mining malware on misconfigured container platforms. Initial reports at the time said that TeamTNT was breaching container platforms by looking for Docker systems that were exposing their management API port online without a password.

Researchers said the TeamTNT group would access exposed Docker containers, install a crypto-mining malware, but also steal credentials for Amazon Web Services (AWS) servers in order to pivot to a company's other IT systems to infect even more servers and deploy more crypto-miners. At the time, researchers said that TeamTNT was the first crypto-mining botnet that implemented a feature dedicated to collecting and stealing AWS credentials. But in a report today, Trend Micro researchers said that the TeamTNT gang's malware code had received considerable updates since it was first spotted last summer. TeamTNT has now also added a feature to collect Docker API credentials, on top of the AWS creds-stealing code. This feature is most likely used on container platforms where the botnet infects hosts using other entry points than its original Docker API port scanning feature.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/Oz1FsbEmZYg/a-crypto-mining-botnet-is-now-stealing-docker-a...
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 28 mars - 11:08 CET