
Kinsing

Posted: April 6, 2020

Cybercriminals do not always need to rely on advanced hacking tools, zero-day exploits, and complicated attack campaigns. Sometimes, all they need to do is look for servers that have not been secured properly, and this may be enough to run a large-scale cryptocurrency mining campaign. Such is the case with Kinsing, a new Trojan miner that has been discovered on numerous Docker servers that use default login credentials or are not password-protected at all. The masterminds behind the Kinsing malware have apparently been scanning the Web for exposed Docker servers and deploying a copy of the malware to every accessible host.

The first instances of the Kinsing malware were installed last year, but the attack continues to this very day. While the size of the Kinsing mining botnet is not that impressive, it has been growing gradually ever since the campaign started: the attackers are actively scanning the Internet for vulnerable Docker servers and then installing the threatening miner.

Although the primary function of Kinsing is to harvest a server's hardware resources and use them to mine the Monero cryptocurrency, the threat supports several other features. Currently, Kinsing uses special scripts whose purpose is to free up as many hardware resources as possible; this is done by terminating a long list of services, as well as by looking for other miners and wiping them out. Furthermore, the Kinsing malware will try to find and collect SSH credentials that may then be used to infect other servers that are part of the same network. It would be very easy for Kinsing's authors to weaponize the malware further and use it to gather files or potentially crucial information.

Administrators of Docker servers should take the required measures to protect themselves from the Kinsing malware, as well as from other attacks that target Docker servers. This can be done by using reputable firewall and anti-virus services, as well as by strengthening the server's security policies and login credentials.
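As an added example (not code from the original page), the following Python audit inspects a Docker `daemon.json` for the kind of unauthenticated network listener that the campaign described above targets. It assumes the standard daemon.json keys `hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey`, and reads only that file, not options passed as `dockerd` command-line flags; the sample configurations are constructed.

```python
"""Audit a Docker daemon.json for an unauthenticated TCP control socket.

Added example, not code from the original page. Only the daemon.json
keys are inspected; the same options can be given as dockerd flags in
a systemd unit, which this audit does not see.
"""
import json
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)


def audit_daemon_config(config_text: str) -> List[Finding]:
    cfg = json.loads(config_text)
    findings: List[Finding] = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: not reachable from the network
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_only = bool(cfg.get("tls", False)) and not tls_verify
    cert_paths = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in tcp_hosts:
        if not tls_verify:
            # "tls": true alone only encrypts the channel; without tlsverify
            # any client that can reach the port can drive the daemon.
            why = "TLS without client verification" if tls_only else "no TLS at all"
            findings.append(("critical", f"{host}: {why}; remote API is unauthenticated"))
        elif not cert_paths:
            findings.append(("critical", f"{host}: tlsverify set but tlscacert/tlscert/tlskey incomplete"))
        elif host.startswith(("tcp://0.0.0.0:", "tcp://[::]:")):
            findings.append(("info", f"{host}: bound to all interfaces; restrict with a firewall"))
    return findings


# Constructed sample configurations: the exposed form and a hardened form.
WEAK_CONFIG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def has_critical(findings: List[Finding]) -> bool:
    return any(sev == "critical" for sev, _ in findings)


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(text))
```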
