Monero Mining Campaign Exploits Vulnerable Docker Services with 9Hits Viewer Twist

A novel campaign is targeting vulnerable Docker services, with threat actors deploying the XMRig cryptocurrency miner alongside the 9Hits Viewer software as part of a multifaceted monetization strategy. Cloud security firm Cado notes that this is the first documented case of malware using the 9Hits application as a payload, which indicates that adversaries are diversifying their monetization tactics.

The attackers breach servers and deploy malicious containers via the Docker API, fetching off-the-shelf images for the 9Hits and XMRig software. The 9Hits container generates credits for the attackers by visiting websites, while the XMRig miner exhausts CPU resources. Because the miner connects to a private mining pool, the campaign's scale and profitability are challenging to determine. On compromised hosts, the impact includes resource exhaustion that disrupts legitimate workloads, along with the potential risk of a more serious breach.
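For defenders triaging a Docker host, the pairing described above can be checked against the container inventory. The following is an added example, not code from Cado or from this article: it assumes input shaped like the Docker Engine API's container list (`Image`, `Command`, `Names`, `Created`), uses simple keyword matching, and treats a 300-second creation window as a hypothetical threshold; the sample data is constructed.

```python
import json
import re

# Constructed sample shaped like the Docker Engine API's GET /containers/json
# response; image names, IDs, pool host and timestamps are made up.
SAMPLE_CONTAINERS = json.loads("""
[
  {"Id": "a1", "Names": ["/web"], "Image": "nginx:1.25",
   "Command": "nginx -g 'daemon off;'", "Created": 1705300000},
  {"Id": "b2", "Names": ["/viewer"], "Image": "example/9hits-viewer:latest",
   "Command": "/entrypoint.sh", "Created": 1705400010},
  {"Id": "c3", "Names": ["/xmrig"], "Image": "example/xmrig:latest",
   "Command": "xmrig -o pool.example.invalid:3333", "Created": 1705400025}
]
""")

# Assumption: keyword matching is a first-pass triage only, since image and
# container names can be changed by whoever deploys them.
INDICATORS = {
    "9hits": re.compile(r"9[\s_-]?hits", re.I),
    "xmrig": re.compile(r"xmrig", re.I),
}

def classify(container):
    """Return the payload families whose keyword appears in the metadata."""
    fields = [container.get("Image", ""), container.get("Command", "")]
    fields += container.get("Names", [])
    text = " ".join(fields)
    return {family for family, rx in INDICATORS.items() if rx.search(text)}

def triage(containers, window_seconds=300):
    """List matching containers and flag a 9Hits + XMRig pair created close together."""
    hits = []
    created = {family: [] for family in INDICATORS}
    for c in containers:
        name = (c.get("Names") or [c.get("Id", "?")])[0].lstrip("/")
        for family in sorted(classify(c)):
            hits.append((name, family))
            created[family].append(c.get("Created", 0))
    # Hypothetical heuristic: both payloads started within the same window.
    paired = any(abs(a - b) <= window_seconds
                 for a in created["9hits"] for b in created["xmrig"])
    return {"hits": hits, "paired_deployment": paired}

if __name__ == "__main__":
    report = triage(SAMPLE_CONTAINERS)
    for name, family in report["hits"]:
        print(f"suspicious container {name}: matches {family}")
    print("paired 9Hits + XMRig deployment:", report["paired_deployment"])
```

A match is a prompt to inspect the container and confirm who created it, not proof of compromise.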

Image by Cado Security
