Misconfigured Docker Servers Under Attack by Xanthe Malware

From threatpost.com


The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.

Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems.

Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a variant of the XMRig Monero cryptocurrency miner. Researchers said that the malware utilizes various methods to spread across the network – including harvesting client-side certificates for spreading to known hosts via Secure Shell (SSH).
