Kinsing, a major Bitcoin crypto-jacking campaign on Linux

Of pirates with substantial resources have been waging a cybercrime campaign for several months against Docker servers. The compromise aims to install a cryptominer, kdevtmpfsi, intended to mine Bitcoin.

The cryptojacking remains a serious threat. It consists of threat actors diverting the computing power of infected computers in order to mine cryptocurrencies. This is the subject of a malicious campaign spotted by the security company Aqua.

This operation aims for hackers to spread malware kinsing on environments Docker under Linux. Aqua has also noted that the number of attacks on container environments like Docker is increasing.

Thousands of attacks detected every day

Regarding kinsing, the campaign has been active for several months already "with thousands of almost daily attempts To infect vulnerable systems. "These are the highest figures we have known in a while, far exceeding what we have seen so far," said security experts.

So we believe that these attacks were led by actors with sufficient resources and the infrastructure to carry out and support such attacks, and that it was not an improvised enterprise, "they said.

As for the purpose of these attacks, it is therefore simple: take control of the servers in order to install a crypto-mining malware or cryptominer. This mining tool is called kdevtmpfsi. He is identified by Virus Total as a minor Bitcoin.

Kdevtmpfsi, a malicious Bitcoin miner

This attack is yet another example of the growing threat to native cloud environments. With increasing deployments and increasing use of containers, attackers are improving their skills and mounting more ambitious attacks, with an increasing level of sophistication, ”commented security researchers.

IT security teams in companies are therefore encouraged to develop a security strategy to mitigate risk. Several concrete measures are therefore recommended to prevent these threats, such as a review of the logs to identify anomalies. The operation of a cryptominer, by using the computing resources of the computer, thus leaves clues of his presence.