Attackers are searching for containers that expose a misconfigured port for the Docker API to add another container to do their bidding and run malicious code to mine cryptocurrency. A search using the port-scanning service Shodan revealed that some 6,000 IP addresses may have vulnerable installations of Docker. The campaign appears to target containers that allow Docker commands to be executed without authentication, with in some cases more than a hundred scans targeting each IP address on the Internet every day. In October, another attack, dubbed Graboid, used a similar attack to download malicious images from the Docker Hub.”]