A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn. The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet. The campaign starts with an increasingly common attack vector: the compromise of misconfigured Docker API ports. Attackers scan for publicly accessible, open Docker servers and then exploit them to set up their own containers and execute malware on the victim's infrastructure.
Source: https://threatpost.com/doki-backdoor-docker-servers-cloud/157871/
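
For defenders, the misconfiguration described above can be checked on a host by auditing the Docker daemon's listener settings. The following is an added example, not code from the article or from Docker: it assumes the listeners are declared in `daemon.json` (listeners passed as `dockerd -H` flags are not covered), and the function name, verdict labels and sample configurations are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_daemon_config(text):
    """Classify every TCP listener declared in a daemon.json document."""
    cfg = json.loads(text)
    # "tlsverify" makes dockerd require a client certificate signed by its CA;
    # "tls" alone encrypts the channel but authenticates no one.
    mutual_tls = bool(cfg.get("tlsverify"))
    results = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not reachable over the network
        if mutual_tls:
            verdict = "client-cert-required"
        elif url.hostname in LOOPBACK:
            verdict = "unauthenticated-loopback"
        else:
            # Any other bind address, or none given, is treated as reachable.
            verdict = "unauthenticated-exposed"
        results.append((host, verdict))
    return results

# Constructed sample configurations (not taken from any real host).
OPEN_API = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
LOCAL = '{"hosts": ["tcp://127.0.0.1:2375", "tcp://[::1]:2375"]}'
HARDENED = ('{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, '
            '"tlscacert": "/etc/docker/ca.pem", '
            '"tlscert": "/etc/docker/server-cert.pem", '
            '"tlskey": "/etc/docker/server-key.pem"}')

if __name__ == "__main__":
    samples = {"open": OPEN_API, "tls-only": TLS_ONLY,
               "local": LOCAL, "hardened": HARDENED}
    for name, sample in samples.items():
        for host, verdict in audit_daemon_config(sample):
            print(f"{name:9} {host:22} {verdict}")
```

A listener reported as `unauthenticated-exposed` should be removed or moved behind `tlsverify`, and the port should additionally be blocked at the host or cloud firewall.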

