Malware developed by the hacker group TeamTnT targets exposed Docker daemon APIs to perform scanning and cryptojacking operations. Hackers often target AWS credential files on compromised cloud systems to mine for Monero. Black-T also features memory password scraping using mimipy and mimipenguins, which are *NIX equivalents to the commonly used Windows-specific memory password scraper functionality of Mimikatz, researchers at Palo Alto Unit 42 say. The group uses botnets to help install cryptojackers in vulnerable or unprotected Docker containers and Kubernetes instances.
Source: https://www.cuinfosecurity.com/cryptojacker-targets-exposed-docker-daemon-apis-a-15116

