‘Graboid’ - A New Cryptojacking Worm is spread through the Docker hosts

A new Cryptojacking worm is also known as 'Graboid' that is found by the unit 42 researchers. The Graboid worm is spread to almost 2000 unsecured Docker hosts. It is also said by the researchers that this is the very first Cryptojacking worm that uses containers in the docker engine to spread the worm.

The hacker using the Graboid gets the initial foothold through the Docker image that is first installed. As per the research the docker image ‘pocosow/centos’ and ‘gakeaws/nginx’ has been downloaded for almost 10,000 times.

Exposing to docker daemon to the internet without any authentication may to the spread of the Cryptojacking worm and it is also better to check the unknown container and images in the system in order to avoid the spread of Cryptojacking worm. To stay away from the Cryptojacking worm you can also use the SSH to connect to a remote docker daemon.

As per the researchers, the Graboid needs almost an hour to spread 1,400 compromised docker hosts. From the research team of Juniper Networks, a report was released last November that the hackers are taking advantage of Docker services to add the containers with a Monero mining script.