
Cetus Malware

Posted: September 1, 2020

Over the past year, the Docker service has become a very frequent target of cyberattacks. While the service is considered relatively safe and secure, it is often left vulnerable to attacks by its users' negligence – they tend to use weak login credentials, or they leave the administrator panel open to the Internet. These unsecured instances of the Docker service are a prime target for cybercriminals, and they are the perfect infection vector for delivering all kinds of malware.

One of the latest malware pieces to target unsecured Docker instances is called Cetus – it runs exclusively on Linux, and it appears to focus on crypto-jacking attacks, i.e. covert cryptocurrency mining. On top of these capabilities, the Cetus Malware may also exhibit worm-like behavior – infected systems are commandeered and ordered to scan the Internet for other unprotected Docker instances. Overall, the Cetus Malware shares many similarities with another crypto-jacking Trojan that targets Docker servers – Graboid.

XMRig Miner Once again Utilized by Malware Developers

Once the infection is completed successfully, the Cetus Malware downloads and runs a February 2020 version of the XMRig miner, a popular Monero cryptocurrency mining tool. While this is a legitimate, open-source project, it has long been the favorite cryptocurrency miner of cybercriminals. This is why many reputable anti-virus products now report even legitimate instances of XMRig as a potential threat. The use of a recent version of the XMRig miner suggests that the Cetus Malware is relatively new and that its campaign has been active for just a few months.

The mining operation that the Cetus Malware sets up does not stand out in any way, but cybersecurity researchers discovered that the operator of the malware wants to keep a close eye on the operation. They suspect this because all miners send detailed statistics about their activity on a regular basis – a rather uncommon occurrence for cryptocurrency mining Trojans.

The Cetus Malware spreads exclusively by exploiting unprotected Docker instances, so the best way to avoid this threat is to make sure that your Docker server is password-protected and configured properly. It also helps to use a reliable anti-virus software suite as a backup security measure.
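As an added defender-side check (example code written for this page, not taken from the original article or from any vendor), the script below audits a Docker daemon.json and flags the kind of exposure the article describes: a TCP API listener with no TLS client verification, which hands full control of the host to anyone who can reach the port. Both configurations are constructed samples; the certificate paths under /etc/docker are assumed.

```python
import json

# Constructed sample configurations (not taken from any real host).
# EXPOSED_CONFIG mirrors the misconfiguration Cetus abuses: the API bound
# on every interface with no TLS client authentication at all.
EXPOSED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
})

# HARDENED_CONFIG keeps the TCP listener on loopback and requires client
# certificates signed by the configured CA (assumed file paths).
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_json(text):
    """Return a list of (severity, message) findings for a daemon.json
    document. An empty list means no remote API exposure was detected."""
    cfg = json.loads(text)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are local-only
        addr = host[len("tcp://"):]
        bind = addr.rsplit(":", 1)[0].strip("[]")
        wide_open = bind in ("", "0.0.0.0", "::")
        if not tls_verify:
            sev = "HIGH" if wide_open else "MEDIUM"
            findings.append((sev, f"{host}: TCP API listener without tlsverify; "
                                  "any client that reaches it gets root-equivalent control"))
        elif wide_open:
            findings.append(("LOW", f"{host}: bound to all interfaces; restrict with a firewall"))
    if tls_verify:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(("MEDIUM", f"tlsverify is set but '{key}' is missing"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_json(cfg) or "no findings")
```

The daemon can also be exposed through a `-H tcp://...` flag in its systemd unit rather than daemon.json, so the unit file needs the same review.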
