Cybersecurity researchers from Trend Micro have discovered hackers targeting Docker remote API servers to mine cryptocurrencies on the underlying hardware. The hackers use an unconventional approach involving the gRPC protocol over h2c. The attackers first target public-facing Docker API hosts and request an upgrade of the connection to h2c (HTTP/2 over cleartext), which enables them to create a container to mine cryptocurrencies. The researchers suggested the hackers were likely mining Monero due to its privacy benefits. Docker server users are advised to implement stronger access controls and authentication mechanisms.
Increased stealth integrated into novel Grandoreiro banking trojan variants
Advanced anti-detection mechanisms have been added to the Grandoreiro banking trojan, showing its ongoing development despite law enforcement efforts. New additions include a CAPTCHA barrier