CETUS CRYPTO WORM TARGETS DOCKER
9/09/2020

The cryptojacking worm Cetus infects unsecured Docker daemons with an XMRig cryptominer payload to mine Monero.

OVERVIEW

  • Palo Alto Networks researchers discovered a new cryptojacking worm, Cetus, that infects unsecured Docker daemons with XMRig for Monero mining.

  • The Cetus worm masquerades as Portainer, a frequently used legitimate UI tool for managing multiple Docker instances.

  • Cetus deploys its XMRig cryptominer payload under a different legitimate-looking binary name, docker-cache.
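
A defender-side check for the two points above, as an added example that is not part of the original advisory: it audits a Docker daemon.json for TCP listeners that do not require client certificates, and lists processes whose executable name matches the names the advisory mentions. The sample configs, ports, paths and PIDs are constructed for illustration.

```python
import json

# Binary names the advisory associates with Cetus. Portainer is also a real
# tool, so a match here means "review this process", not "infected".
NAMES_TO_REVIEW = {"portainer", "docker-cache"}

def audit_daemon_config(text):
    """Flag TCP listeners in a daemon.json that do not require client certs."""
    cfg = json.loads(text)
    if cfg.get("tlsverify", False):
        return []  # clients must present a certificate signed by the trusted CA
    reason = "TLS on, but clients are not verified" if cfg.get("tls") else "no TLS"
    return [f"{host}: {reason}"
            for host in cfg.get("hosts", []) if host.startswith("tcp://")]

def processes_to_review(ps_lines):
    """Match executable basenames in `ps -eo pid,args` style rows."""
    hits = []
    for line in ps_lines:
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # header or malformed row
        name = fields[1].rsplit("/", 1)[-1]
        if name in NAMES_TO_REVIEW:
            hits.append((int(fields[0]), name))
    return hits

# Constructed sample input (ports, paths and PIDs are illustrative).
WEAK_CONFIG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
SAMPLE_PS = [
    "  PID COMMAND",
    "  812 /usr/bin/dockerd -H fd://",
    " 4410 /opt/example/portainer",
    " 4422 /opt/example/docker-cache",
]

if __name__ == "__main__":
    for finding in audit_daemon_config(WEAK_CONFIG):
        print("unsecured listener:", finding)
    print("hardened findings:", audit_daemon_config(HARDENED_CONFIG))
    for pid, name in processes_to_review(SAMPLE_PS):
        print(f"review pid {pid}: {name}")
```

The config audit only sees daemon.json; a listener added with `-H tcp://...` on the dockerd command line has to be checked separately.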
