PANews reported on May 29 that, according to CoinDesk, cybersecurity company Kaspersky has discovered new Linux malware that attacks unprotected Docker infrastructure. It uses the exposed Docker API port 2375 to create malicious containers, which form a decentralized cryptojacking network that mines the privacy coin Dero. The malware uses two Golang implants: "nginx" scans for more vulnerable targets, and "cloud" does the actual mining.
Researchers pointed out that the malware uses self-propagating worm logic, does not require a central command server, and hides itself by encrypting configuration data. As of early May, more than 520 Docker APIs were publicly exposed through port 2375 worldwide. This attack uses the same wallet and node infrastructure as the cryptojacking activities targeting Kubernetes clusters in 2023-2024, indicating that this is an upgraded version of a known threat.
