Cryptomining Malware Moves into Software Containers

in security •  2 months ago 

Security researchers at Palo Alto Networks have discovered the Graboid worm that spreads through Docker software containers and mines Monero cryptocurrency for the attackers. This is a new tactic and territory for crypto-mining worms. It is the first time such malware has been detected traversing software containers.   

Once a core image repository is infected, anytime the image is pulled and used, the malware goes with it and is spawned to maliciously consume resources for crypto-mining. Traditional security software rarely looks inside containers, so these instances can be active for as long as the container is in use.  

 Security recommendations: 

  1. Make sure the docker engine is not exposed to the internet without proper authentication controls 
  2. Use whitelisting where possible to identify and limit allowable incoming traffic sources 
  3. Tenaciously protect the software repositories from tampering or infection 
  4. Only pull images from trusted repositories 
  5. Setup monitoring of images and repositories to detect if they have been modified or acting in unauthorized ways  
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Great recommendations!

It was only a matter of time. Always secure your environments!!!

As software containers gained in popularity, it was just a matter of time before malware followed.

  ·  2 months ago Reveal Comment