Cybercriminals do not always need advanced hacking tools, zero-day exploits, or complicated attack campaigns. Sometimes all they need to do is look for servers that have not been secured properly, which can be enough to run a large-scale cryptocurrency mining campaign. Such is the case with Kinsing, a new Trojan miner that has been discovered on numerous Docker servers that use the default login credentials or are not password-protected at all. Apparently, the masterminds behind the Kinsing malware have been scanning the Web for exposed Docker servers and then deploying a copy of the malware to every accessible host.
The first instances of the Kinsing malware were installed last year, but the attack continues to this very day. While the size of the Kinsing mining botnet is not that impressive, it has been growing gradually ever since the campaign started: the attackers are actively scanning the Internet for vulnerable Docker servers and then installing the threatening miner.
Although the primary function of Kinsing is to harvest a server's hardware resources and use them to mine the Monero cryptocurrency, the threat supports several other features. Currently, Kinsing uses special scripts whose purpose is to free up as many hardware resources as possible. This is done by terminating a long list of services, as well as by looking for other miners and wiping them out. Furthermore, the Kinsing malware will try to find and collect SSH credentials that may then be used to infect other servers on the same network. It would be very easy for Kinsing's authors to weaponize the malware further and use it to gather files or potentially crucial information.
Administrators of Docker servers should take the required measures to protect themselves from the Kinsing malware, as well as from other attacks that target Docker servers. This can be done by using reputable firewall and anti-virus services, as well as by strengthening the server's security policies and login credentials.