The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020. Researchers from Trend Micro discovered that the botnet was improved and is now able to steal also Docker credentials. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Experts noticed that the container image that holds all the malicious samples was created recently, the total number of downloads is 2,000. The new variant of the bot is also able to collect Docker API credentials using a routine that only checks for credential files.”]
Source: https://securityaffairs.co/wordpress/113228/malware/teamtnt-botnet-docker-aws.html