Some 2,000 Docker hosts have been attacked and infected by a relatively basic worm that exploits misconfigured permissions to download and run cryptojacking software as malicious containers. The Graboid worm is not exploiting a vulnerability, but a lack of proper security settings, Palo Alto Networks says. The worm spreads by identifying vulnerable hosts and then sending a command to download a malicious docker image. The image is instantiated as a container, connects to the command-and-control (C2) server and download four scripts.”]
Source: https://www.darkreading.com/cloud/cryptojacking-worm-targets-and-infects-2-000-docker-hosts