A recent report from Cado researchers has unveiled a new and sophisticated malware campaign known as “Commando Cat,” which specifically targets exposed Docker API endpoints. This campaign is designed for cryptojacking, a process by which cybercriminals hijack the processing power of a victim’s computer or cloud resources in order to mine cryptocurrency without their consent.
Although it has only been active since the beginning of this year, “Commando Cat” is already the second cryptojacking campaign to target Docker. The earlier campaign used the 9hits traffic exchange application, according to the researchers, who note that attacks of this kind on Docker are not uncommon, particularly in cloud environments.
The researchers emphasize how determined attackers are to exploit Docker services for a range of malicious purposes. “Commando Cat” is described as a cryptojacking campaign that uses Docker to gain access to the host’s filesystem and then executes a series of interconnected payloads directly on the host. Running on the host rather than inside the container helps the malware evade detection and stay stealthy throughout its operation.
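The host-filesystem access described above is visible in a container’s configuration. The following is an added defender-side example (not code from the Cado report or the campaign) that audits `docker inspect`-style records for the settings that hand a container the host: privileged mode, the host PID namespace, and bind mounts of sensitive host paths. The records and the `/hostroot` mount point are constructed, not real telemetry.

```python
"""Flag containers whose configuration exposes the Docker host.

Added example. Input mirrors a subset of `docker inspect` output
(Name, HostConfig.Privileged, HostConfig.PidMode, HostConfig.Binds).
"""
import json
import sys

# Host paths that, once bind-mounted into a container, effectively hand over the host.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock")


def _is_sensitive(src):
    """True if a bind-mount source is the host root or sits under a sensitive path."""
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def audit_container(rec):
    """Return a list of human-readable findings for one inspect-style record."""
    findings = []
    host_cfg = rec.get("HostConfig", {})
    if host_cfg.get("Privileged"):
        findings.append("privileged container")
    if host_cfg.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    for bind in host_cfg.get("Binds") or []:
        src = bind.split(":", 1)[0]  # Binds entries look like "src:dst[:opts]"
        if _is_sensitive(src):  # named volumes (no leading "/") are never sensitive here
            findings.append("bind-mounts sensitive host path " + src)
    return findings


def audit_all(records):
    """Map container name -> findings, keeping only containers with findings."""
    return {r.get("Name", "?"): f for r in records if (f := audit_container(r))}


# Constructed sample: one ordinary web container and one shaped like the
# host-access pattern the report describes (host root mounted into the container).
SAMPLE_INSPECT = [
    {"Name": "/web", "HostConfig": {"Privileged": False, "Binds": ["webdata:/var/www"]}},
    {"Name": "/suspect", "HostConfig": {"Privileged": True, "PidMode": "host",
                                        "Binds": ["/:/hostroot"]}},
]

if __name__ == "__main__":
    # Pipe real data in with: docker inspect $(docker ps -q) | python3 audit.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_INSPECT
    print(json.dumps(audit_all(data), indent=2))
```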
One of the key points of concern surrounding “Commando Cat” is that the threat actor behind it is unidentified. Despite efforts to trace the attack, its origin remains unknown. There are, however, similarities in scripts and IP addresses to other cybercriminal groups, such as Team TNT, which suggest a possible link or the involvement of copycat perpetrators.
The complexity and multi-faceted nature of the “Commando Cat” campaign point to a high level of sophistication in its design and execution. By combining a credential stealer, backdoor access, and cryptocurrency mining into a single, unified threat, the campaign conceals its activities effectively and poses a significant cybersecurity risk.
With the evolving landscape of cyber threats, it is imperative for organizations and individuals to remain vigilant and implement robust security measures to protect against the potential impact of campaigns like “Commando Cat.” As the prevalence of cryptojacking and similar attacks continues to grow, proactive efforts to secure cloud environments and address potential vulnerabilities become increasingly crucial in safeguarding against these sophisticated and malicious threats.