A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime is exploiting Docker containers to mine Monero
Palo Alto Networks cyber security experts: Cybercrime is exploiting Docker containers to mine Monero. A Hub account, azurenql, was hosting six malicious images intended to mine the cryptocurrency
Cybercrime is exploiting Docker containers to mine the Monero cryptocurrency. It has been discovered by Palo Alto Networks Unit 42 cyber security experts. They have been gaining popularity over the past few years as an effective way of packaging software applications, providing a strong community-based model for users and companies to share their software applications. This is also attracting the attention of malicious actors intending to make money by cryptojacking within containers and using Docker Hub to distribute these images. The researchers identified a Hub account, azurenql, active since October 2019 that was hosting six malicious images intended to mine Monero. The coin mining code within the image intends to evade network detection by using network anonymizing tools such as ProxyChains and Tor. The images hosted on this account have been collectively pulled more than two million times.