Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month. Imperva’s Vitaly Simonovich and Ori Nakar found that around 400 of the 3,8222 IPs exposed on the Shodan search engine can be accessed by connecting to the IPs on port 2735 and listing the Docked images. Most of the exposed Docker remote API IPs are running a cryptocurrency miner for a currency called Monero.
Source: https://www.bleepingcomputer.com/news/security/vulnerable-docker-hosts-actively-abused-in-cryptojacking-campaigns/