Hackers abuse TOR network and misconfigured Docker APIs to steal crypto - so keep an eye on your wallet
techradar.com
- Attackers exploit exposed Docker APIs to deploy cryptojackers and scan for more targets
- The malware installs persistence tools, includes inactive code for Telnet and Chrome port attacks, and may evolve into a botnet
- Akamai urges isolating Docker, limiting exposed services, and more
Cybercriminals are targeting exposed Docker APIs to install cryptojackers, scan the internet for more potential victims, and possibly even build out a botnet.
Recently, security researchers from Akamai wrote an in-depth report about a new campaign, seemingly a continuation of a similar one that was spotted by Trend Micro in late June 2025.
The campaign revolves around looking for servers with Docker’s API exposed on port 2375. Once such a server is identified, the crooks create a new container and pull down a script from a hidden Tor (.onion) website.
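
A defender-side check for the exposure described above, as an added example that is not from the article or from Akamai's report: it parses a Docker `daemon.json` and flags TCP listeners that accept clients without certificate verification. The sample configurations and file paths are constructed, and listeners set through `dockerd -H` command-line flags are outside what it inspects.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents (not taken from the article).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def is_loopback(host):
    """True when the bind address is only reachable from the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostname or empty bind: treat as network-reachable


def audit_daemon_config(text):
    """Return (entry, port, scope) for each TCP listener without client auth."""
    cfg = json.loads(text)
    # "tlsverify" requires client certificates; "tls" alone only encrypts.
    mutual_tls = bool(cfg.get("tlsverify"))
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network listeners
        if mutual_tls:
            continue  # clients must present a certificate signed by the CA
        host = url.hostname or ""  # "tcp://:2375" binds every interface
        # Docker's default TCP port is 2375 without TLS and 2376 with it.
        port = url.port or (2376 if cfg.get("tls") else 2375)
        scope = "local only" if is_loopback(host) else "network-reachable"
        findings.append((entry, port, scope))
    return findings
```

An empty result for a configuration that still lists a `tcp://` host means the listener requires client certificates; any `network-reachable` finding is the condition the campaign scans for.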

Cryptojacking botnet
The script tweaks system settings to establish ...