Read Time:32 Second
LemonDuck, a well-known cryptomining botnet, is targeting Docker on Linux systems to coin digital money, CloudStrike reported Thursday.
The company’s threat research team revealed in a blog written by Manoj Ahuje that the botnet is leveraging Docker APIs exposed to the internet to run malicious containers on Linux systems.
Docker is used to build, run, and mange containerized workloads. Since it runs primarily in the cloud, a misconfigured instance can expose a Docker API to the internet where it can be exploited by a threat actor, who can run a crypto miner inside an outlaw container.