New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.

Akamai’s Hunt Team has reported a new variant of malware targeting exposed Docker APIs, expanding on a campaign first documented earlier this summer. The initial strain, detailed by Trend Micro in June 2025, used misconfigured Docker services to install a cryptominer delivered through a Tor domain.