According to a recent report by cybersecurity firm Imperva, around 400 servers running virtualization software were found to be at risk of external exploitation. Most of them were apparently running Monero [XMR] mining software.
A misconfiguration of the vulnerable Docker hosts enables public access to the Docker API, which ought to be accessible only locally. This misconfiguration, combined with a recently discovered vulnerability, permits attackers to gain administrator rights on the server and install software of their choosing.
Since an attacker could install any software this way, the vulnerability allows not only cryptojacking but also the installation of any other malware, or use of the hosts to carry out other attacks. Researchers at Imperva claim to have found over 3,800 misconfigured hosts [with the API exposed], of which around 400 were actually accessible. The report states:
“We found that almost all of the exposed Docker remote API IPs are running a crypto miner for a currency referred to as Monero [XMR].”
Finally, the information on the server is also accessible to the attacker, including the database and some unencrypted credentials, along with their passwords, Imperva added.
As reported earlier in mid-February, United States-based software giant Microsoft also removed eight Windows 10 apps from its official app store after cybersecurity firm Symantec discovered surreptitious Monero [XMR] mining in them.
While cryptojacking is apparently widely used by cybercriminals as a way to earn money, the legitimate cryptocurrency mining service Coinhive, which specifically mines Monero, closed its operations earlier last month as the project had reportedly become economically unviable.