Hundreds of Docker hosts with vulnerability in RunC are infected with Monero mining software. Thousands of available Dockers hosts fell victims of crypto jacking. The hackers attacked them using an exploit for a recently revealed vulnerability CVE-2019-5736 and installed crypto currency miners. Vulnerability in RunC environment was revealed last month. The hacker can change RunC with its help and launch any commands on host system. Although many vendors eliminated the vulnerability in their products (including Amazon, Google and Docker) and one of RunC main miners released a patch, thousands of Docker daemons are still vulnerable. |
