Crypto Mining Malware Exploits Docker, Attacks Privacy Coin Dero

A new Linux malware strain is targeting vulnerable Docker infrastructure worldwide, turning compromised hosts into decentralized mining networks for the privacy coin Dero. The self-replicating malware exploits unauthenticated Docker API access on port 2375 to deploy two payloads: one masquerading as the legitimate nginx web server, and the other, named cloud, handling the mining operations. As of early May, over 520 Docker APIs were found publicly accessible on this port, indicating a high number of potential targets.
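To check your own hosts for the exposure described above, the following added example (not code from the original article or from Docker) audits the text of a Docker `daemon.json` for TCP listeners that accept clients without certificate authentication. It assumes the daemon is configured through the `hosts` and `tlsverify` keys; listeners set with `-H` on the `dockerd` command line are not covered, and the sample configurations are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample configurations (not taken from any real host).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_NO_CLIENT_AUTH = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
LOOPBACK = '{"hosts": ["tcp://127.0.0.1:2375"]}'
HARDENED = '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}'


def is_loopback(host):
    """True only when the bind address is clearly local to the machine."""
    if not host:
        return False  # empty bind address: flagged conservatively for review
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify is treated as reachable


def audit_daemon_config(text):
    """Return (listener, reach) for each TCP listener lacking client-cert auth."""
    cfg = json.loads(text)
    # Only tlsverify makes the daemon demand a client certificate;
    # "tls": true on its own encrypts traffic but authenticates nobody.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp" or client_auth:
            continue  # unix:// and fd:// sockets are not network listeners
        reach = "local-only" if is_loopback(url.hostname) else "network-reachable"
        findings.append((entry, reach))
    return findings


if __name__ == "__main__":
    samples = {"exposed": EXPOSED, "tls-no-client-auth": TLS_NO_CLIENT_AUTH,
               "loopback": LOOPBACK, "hardened": HARDENED}
    for name, sample in samples.items():
        print(name, audit_daemon_config(sample) or "ok")
```

A `network-reachable` finding is the condition the article describes; a `local-only` finding still gives any local process full control of the daemon.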