Linux Malware Campaign Targets Docker Hadoop Redis And Confluence

Researchers have uncovered a new malware campaign targeting misconfigured servers running Apache Hadoop YARN Docker Confluence and Redis. This campaign employs several previously unreported payloads including four Golang binaries to automate the discovery and infection of hosts with the targeted services. Attackers utilize these tools to exploit common misconfigurations and n-day vulnerabilities enabling Remote Code Execution (RCE) attacks and the infection of new hosts After gaining initial access the attackers deploy shell scripts and Linux attack techniques to install a cryptocurrency miner establish a reverse shell and maintain persistent access to compromised hosts.