
Attackers Cryptojacking Docker Images to Mine for Monero - eyberg
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
======
60secz
Hot take:

1\. Don't trust random docker images 2\. Criminals love Monero. Wonder if it's
because they care about privacy?

~~~
eyberg
I don't think these images made a point of trying to disguise themselves. They
were meant to be used in already compromised hosts and pulled after the fact.
One of the reasons why containers/k8s are so attractive for malware like this
is that they are spun up/down all the time. Without actively scanning for IoCs
it's very easy to overlook.

