A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations. The attack pattern starts with the attackers identifying a misconfigured Docker API port that has been left open to the public internet. They then access that open port and the Docker instance connected to it, and run a rogue Ubuntu container. The cryptominer mines for Bitcoin, and is simply called kdevtmpfsi It s nothing special, but connects to a host using a log in request over HTTP, receives further instructions and starts mining cryptocurrency.
Source: https://threatpost.com/self-propagating-malware-docker-ports/154453/

