HackingTech News

New Kinsing malware campaign targetting Docker servers

From the past few months, researchers have observed a new malware campaign that is scanning Docker servers on the internet running exposed API misconfigured open ports that has no password in it that installs a crypto mining malware named ‘ Kinsing’ in them.

The campaign is running from months in the wild with thousands of attempts were taking place on a daily basis said Aqua researchers.

docker malware campaign

Since the main purpose of the malware is to mine cryptocurrency on the compromised docker but it also downloads and installs a version of ClamAV antivirus that usually detects other local malware running on the docker port and removing it, but it also runs a script that gathers local SSH credentials to infect other cloud systems with other malware.

docker attack
Kinsing malware campaign

How kinsing malware is initiated 

The attackers are taking advantage of the unprotected Docker ports through which they are able to instantiate an ubuntu container. After the entry, the attackers download a shell script d.sh that contains more than 600 lines of code and does the following:

  • Clearing logs and disabling security measures 
  • Kills other malware and crypto miners running 
  • Remove other malware from the docker
  • Downloading the Kinsing malware 

Kinsing is a Linux agent and written in Go lang. Before execution of the payload, the malware communicates with the C&C server that is located in Eastern Europe. The malware connects over HTTP port 80 and sends small encrypted messages on a regular interval of time.

Such attacks started since 2018 and Aqua and Sysdig were the first two companies to identify these type of docker based attacks.

MD5s:
kinsing – 0d3b26a8c65cf25356399cc5936a7210
kinsing – 6bffa50350be7234071814181277ae79
kinsing – c4be7a3abc9f180d997dbb93937926ad
kdevtmpfsi – d9011709dd3da2649ed30bf2be52b99e

Satender Kumar

A Blogger always fascinated with the technology and gather as much amount of knowledge from the internet. Loves to share the knowledge with the others and always available to play chess.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + 13 =

Back to top button
The Tech Infinite