Cryptojacking Chaos: Kubernetes Clusters Hijacked for Dero Mining Frenzy

Cybersecurity researchers have flagged a cryptojacking campaign exploiting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Watch out for seemingly benign DaemonSets like “k8s-device-plugin” hiding malicious intentions.

3P
Published: June 12, 2024 2:03 pmAdded: June 12, 2024 at 7:11 amAssembled by: The Editor
Pro Dashboard

Hot Take:

When it comes to cryptojacking, Kubernetes clusters are like the all-you-can-eat buffet of the cybercrime world — a hacker’s paradise where the only thing missing is a ‘Please Hack Me’ neon sign.

Key Points:

  • Cryptojacking campaign targets misconfigured Kubernetes clusters to mine Dero cryptocurrency.
  • Wiz researchers identified an updated variant of the attack first documented by CrowdStrike in March 2023.
  • Malicious container images hosted on Docker Hub, disguised as legitimate “pause” containers, are used to deploy the miner.
  • The attacker uses anonymous access and benign-sounding DaemonSets to infiltrate Kubernetes clusters.
  • Additional tools include a Windows sample of the Dero miner and a dropper shell script to eliminate competing miners.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?