
Cybersecurity researchers have uncovered a new malware campaign specifically targeting Docker environments, employing an undocumented technique to mine cryptocurrency. This malicious activity marks a departure from traditional cryptojacking campaigns that typically make use of miners such as XMRig to monetize computational resources directly.
This new method involves deploying malware that connects to Teneo, a decentralized physical infrastructure network (DePIN) that permits users to earn rewards by operating a node that extracts public social media data. Users can transform these rewards, known as Teneo Points, into $TENEO Tokens.
The attack begins with a request to launch a container image named "kazutod/tene:ten" from Docker Hub. This image, uploaded relatively recently, has already garnered 325 downloads. The container is designed to run a heavily obfuscated Python script that is unpacked over 63 iterations, eventually establishing a connection to the Teneo service.
The malware operates by connecting to the WebSocket and sending regular pings, known as keep-alive signals, to accumulate more Teneo Points without executing any actual data scraping. According to Darktrace's analysis, rewards depend primarily on the frequency of these heartbeats, which explains the operation's design.
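For defenders, the image name above is the most direct indicator to hunt for in Docker daemon telemetry. The following is an added example, not code from the researchers or the original article: it scans lines in the shape of `docker events --format '{{json .}}'` for pulls, creates and starts of that repository, normalizing registry prefixes, tags and digests first. The sample events and function names are constructed for illustration.

```python
import json

# Repository from the article; matching any tag or digest of it is this example's choice.
SUSPECT_REPO = "kazutod/tene"
WATCHED_ACTIONS = {"pull", "create", "start"}
HUB_PREFIXES = ("docker.io/", "index.docker.io/", "registry-1.docker.io/")

def normalize_repo(ref):
    """Reduce an image reference to its repository path on Docker Hub."""
    ref = ref.strip().lower().split("@", 1)[0]    # drop @sha256:... digest
    if ":" in ref.rsplit("/", 1)[-1]:              # drop :tag, keep a registry port
        ref = ref.rsplit(":", 1)[0]
    for prefix in HUB_PREFIXES:
        if ref.startswith(prefix):
            return ref[len(prefix):]
    return ref

def find_suspect_events(lines, repo=SUSPECT_REPO):
    """Return (time, type, action, image_ref, name) for matching events."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                                # skip non-JSON lines
        if not isinstance(ev, dict):
            continue
        actor = ev.get("Actor") or {}
        attrs = actor.get("Attributes") or {}
        # Image events carry the reference in Actor.ID, container events in Attributes.image.
        raw = actor.get("ID") if ev.get("Type") == "image" else attrs.get("image")
        ref = str(raw or "")
        if ev.get("Action") in WATCHED_ACTIONS and normalize_repo(ref) == repo:
            hits.append((ev.get("time"), ev.get("Type"), ev.get("Action"), ref, attrs.get("name")))
    return hits

# Constructed sample lines in the shape of `docker events --format '{{json .}}'`.
SAMPLE_EVENTS = [
    '{"Type":"image","Action":"pull","Actor":{"ID":"kazutod/tene:ten","Attributes":{"name":"kazutod/tene"}},"time":1700000000}',
    '{"Type":"container","Action":"create","Actor":{"ID":"c0ffee","Attributes":{"image":"docker.io/kazutod/tene:ten","name":"web-1"}},"time":1700000005}',
    '{"Type":"container","Action":"start","Actor":{"ID":"beef","Attributes":{"image":"nginx:1.27","name":"proxy"}},"time":1700000010}',
    '{"Type":"container","Action":"die","Actor":{"ID":"c0ffee","Attributes":{"image":"kazutod/tene:ten","name":"web-1"}},"time":1700000020}',
    'not json',
]

if __name__ == "__main__":
    for hit in find_suspect_events(SAMPLE_EVENTS):
        print(hit)
```

A reference served from a different registry host (for example a private mirror) is deliberately left unmatched here, so mirrored copies need their own rule.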
This approach is reminiscent of earlier threats that infected improperly configured Docker instances using software like 9Hits Viewer to generate traffic for affiliate credits. The methodology is also comparable to other bandwidth-sharing schemes that employ software to share unutilized internet resources for financial benefits.
Historically, cryptojacking relied on tools like XMRig, but their high detection rates have prompted attackers to explore alternative methods for generating cryptocurrency. Whether these new techniques will prove financially beneficial in the long run remains uncertain.
Adding to these concerns is the emergence of a new botnet, RustoBot, which exploits vulnerabilities in specific devices to conduct DDoS attacks, predominantly targeting the tech sectors in regions including Japan and Taiwan. Poorly defended IoT and network devices are appealing targets for attackers, which highlights the importance of robust endpoint monitoring and authentication in mitigating the risk from such malicious campaigns.