financetom
Technology
financetom
/
Technology
/
Privacy Crypto Dero Targeted With New Self-Spreading Malware
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
Privacy Crypto Dero Targeted With New Self-Spreading Malware
May 28, 2025 8:23 AM

A newly discovered Linux malware campaign is compromising unsecured Docker infrastructure worldwide, turning exposed servers into part of a decentralized cryptojacking network that mines the privacy coin Dero DERO.

According to a report by cybersecurity firm Kaspersky, the attack begins by exploiting publicly exposed Docker APIs over port 2375. Once access is gained, the malware spawns malicious containers. It infects already-running ones, siphoning system resources to mine Dero and scan for additional targets without requiring a central command server.

In software terms, a docker is a set of applications or platform tool and products that use OS-level virtualization to deliver software in small packages called containers.

The threat actor behind the operation deployed two Golang-based implants: one named “nginx” (a deliberate attempt to masquerade as the legitimate web server software), and another called “cloud,” which is the actual mining software used to generate Dero.

Once a host was compromised, the nginx module continuously scanned the internet for more vulnerable Docker nodes, using tools like Masscan to identify targets and deploy new infected containers.

“The entire campaign behaves like a zombie container outbreak,” researchers wrote. “One infected node autonomously creates new zombies to mine Dero and spread further. No external control is needed — just more misconfigured Docker endpoints.”

To avoid detection, it encrypts configuration data, including wallet addresses and Dero node endpoints, and hides itself under paths typically used by legitimate system software.

Kaspersky identified the same wallet and node infrastructure used in earlier cryptojacking campaigns that targeted Kubernetes clusters in 2023 and 2024, indicating an evolution of a known operation rather than a brand-new threat.

In this case, however, the use of self-spreading worm logic and the absence of a central command server make it especially resilient and harder to shut down.

As of early May, over 520 Docker APIs were publicly exposed over port 2375 worldwide — each one a potential target.

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
Exploring The Competitive Space: Microsoft Versus Industry Peers In Software
Exploring The Competitive Space: Microsoft Versus Industry Peers In Software
Jul 22, 2024
In the ever-evolving and intensely competitive business landscape, conducting a thorough company analysis is of utmost importance for investors and industry followers. In this article, we will carry out an in-depth industry comparison, assessing Microsoft ( MSFT ) alongside its primary competitors in the Software industry. By meticulously examining key financial metrics, market positioning, and growth prospects, we aim to...
Peeling Back The Layers: Exploring PAR Technology Through Analyst Insights
Peeling Back The Layers: Exploring PAR Technology Through Analyst Insights
Jul 22, 2024
In the last three months, 6 analysts have published ratings on PAR Technology ( PAR ) , offering a diverse range of perspectives from bullish to bearish. The table below offers a condensed view of their recent ratings, showcasing the changing sentiments over the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish...
Analyst Ratings For Arlo Technologies
Analyst Ratings For Arlo Technologies
Jul 22, 2024
Ratings for Arlo Technologies ( ARLO ) were provided by 6 analysts in the past three months, showcasing a mix of bullish and bearish perspectives. The table below summarizes their recent ratings, showcasing the evolving sentiments within the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish Total Ratings 6 0 0...
Industry Comparison: Evaluating Palantir Technologies Against Competitors In Software Industry
Industry Comparison: Evaluating Palantir Technologies Against Competitors In Software Industry
Jul 22, 2024
In the dynamic and fiercely competitive business environment, conducting a thorough analysis of companies is crucial for investors and industry enthusiasts. In this article, we will perform an extensive industry comparison, evaluating Palantir Technologies ( PLTR ) in relation to its major competitors in the Software industry. By closely examining crucial financial metrics, market position, and growth prospects, we aim...
Copyright 2023-2026 - www.financetom.com All Rights Reserved