A Novel Malware Campaign Is Targeting Docker
Cado researchers have recently encountered a novel malware campaign, dubbed “Commando Cat,” targeting exposed Docker API endpoints – the second campaign targeting Docker since the beginning of 2024, the first being the malicious deployment of the 9hits traffic exchange application.
Commando Cat is a cryptojacking campaign that uses an exposed Docker API as its initial access vector: the attacker deploys a benign container image generated with the Commando Project on GitHub, then abuses the Docker service to bind-mount the host’s filesystem into that container and runs a series of interdependent payloads directly on the host.
These payloads register persistence, enable a backdoor, exfiltrate credential files for several Cloud Service Providers, and execute the miner. The malware’s evasion techniques, including an unusual process-hiding mechanism, are of particular interest.
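The abuse described above (a container created through an exposed Docker API with the host's filesystem mounted into it, then payloads run on the host) leaves a visible trace in the container's own configuration. The script below is an added example, not code from Cado's report or from the Commando project: it applies the checks a responder would run over `docker inspect` output (or the Engine API's `GET /containers/{id}/json` response) to constructed sample records, so it runs offline. The image names, container names and sample records are made up for illustration; the `SENSITIVE_HOST_PATHS` list is an assumption about which host locations matter and should be tuned to your hosts.

```python
"""Triage Docker containers for host-filesystem escape paths.

Added example (not code from Cado's report or the Commando project). It
applies the checks a responder would run over `docker inspect` output, or
over the Engine API's `GET /containers/{id}/json` response, to constructed
sample records so that it runs offline.
"""
import os

# Host paths that, once bind-mounted into a container, let code inside the
# container write to the host: cron and systemd locations (persistence),
# shell rc files and key material, and the Docker socket itself. The host
# root "/" is always treated as sensitive. (Assumed list; tune per fleet.)
SENSITIVE_HOST_PATHS = (
    "/etc", "/root", "/home", "/var/spool/cron", "/lib/systemd",
    "/usr/lib/systemd", "/var/run/docker.sock", "/run/docker.sock",
)


def is_sensitive_host_path(path: str) -> bool:
    """True for the host root or anything at/under SENSITIVE_HOST_PATHS."""
    if not path.startswith("/"):
        return False  # a named volume (e.g. "webdata"), not a host path
    norm = os.path.normpath(path)
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def assess_container(record: dict) -> list:
    """Return human-readable findings for one inspect-style record."""
    findings = []
    host_cfg = record.get("HostConfig") or {}
    if host_cfg.get("Privileged"):
        findings.append("runs privileged")
    if host_cfg.get("PidMode") == "host":
        findings.append("shares the host PID namespace")

    # Collect host paths from both the requested Binds and the resolved Mounts;
    # the same mount appears in both, so dedupe before reporting.
    host_paths = set()
    for bind in host_cfg.get("Binds") or []:
        host_paths.add(bind.split(":", 1)[0])
    for mount in record.get("Mounts") or []:
        if mount.get("Type") == "bind":
            host_paths.add(mount.get("Source", ""))
    for src in sorted(host_paths):
        if is_sensitive_host_path(src):
            findings.append(f"bind-mounts host path {src}")

    # A chroot into a mounted host root is the generic way to run payloads
    # "directly on the host" from inside a container (heuristic, not a
    # signature for any particular campaign).
    cmd = " ".join((record.get("Config") or {}).get("Cmd") or [])
    if "chroot" in cmd:
        findings.append(f"command chroots: {cmd!r}")
    return findings


def audit(records: list) -> dict:
    """Map container name -> findings, only for containers with findings."""
    result = {}
    for rec in records:
        findings = assess_container(rec)
        if findings:
            result[rec.get("Name", rec.get("Id", "?"))] = findings
    return result


# Constructed sample records in docker-inspect shape (not real captures).
SAMPLE_CONTAINERS = [
    {   # ordinary web container using a named volume: should produce no findings
        "Id": "1111", "Name": "/web",
        "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
        "HostConfig": {"Privileged": False, "PidMode": "",
                       "Binds": ["webdata:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "volume", "Name": "webdata",
                    "Destination": "/usr/share/nginx/html"}],
    },
    {   # container created through an exposed API with the host root mounted
        "Id": "2222", "Name": "/elated_host",
        "Config": {"Image": "generated-image:latest",
                   "Cmd": ["sh", "-c", "chroot /hs sh"]},
        "HostConfig": {"Privileged": False, "PidMode": "host", "Binds": ["/:/hs"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hs"}],
    },
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONTAINERS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

To run it against a live host, feed `docker inspect $(docker ps -aq)` (a JSON list in exactly this shape) into `audit`. The findings are triage signals, not proof of compromise: legitimate agents also mount `/` or the Docker socket, so the real fix is to stop exposing the Engine API without TLS client authentication in the first place.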
You can read the report here.
This entry was posted on February 1, 2024 at 9:00 am and is filed under Commentary with tags Cado.