New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
Jan 18, 2024
Server Security / Cryptocurrency
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said , adding the development is a sign that adversaries are always on the lookout for diversifying their strategies to make money off compromised hosts. 9Hits advertises itself as a "unique web traffic solution" and an "automatic traffic exchange" that allows members of the service to drive traffic to their sites in exchange for purchasing credits. This is accomplished by means of a software called 9Hits Viewer, which runs a headless Chrome browser instance to visit websites requested by other members, for which they earn credits to pay for generating traffic to their sites. The exact method used to spread the malwa