![trend micro antivirus linux trend micro antivirus linux](https://www.av-comparatives.org/wp-content/uploads/2017/01/avc-linux-2015-escan_1.png)
There are compromised Docker Hub accounts that are being controlled by TeamTNT to spread coin mining malware.” “’alpineos’ (with a total of more than 150,000 pulls with all images combined) is one of the primary Docker Hub accounts being actively used by TeamTNT. “Based on the scripts being executed and the tooling being used to deliver coinminers, we arrive at the following conclusions connecting this attack to TeamTNT,” said researchers. Researchers believe this is how TeamTNT gained the information it used for the compromised sites in this attack. Trend Micro researchers said the same hackers also used credential stealers that would collect credentials from configuration files back in July. They then contacted Docker to have the accounts removed. “These accounts were being used to host malicious images and were an active part of botnets and malware campaigns that abused the Docker REST API,” said researchers. The researchers found Docker Hub registry accounts that were either compromised or belong to TeamTNT. To gain more details about the misconfigured server, such as uptime and total memory available, threat actors also spin up containers using docker-CLI by setting the “-privileged” flag, using the network namespace of the underlying host “-net=host,” and mounting the underlying hosts’ root file system at container path “/host”. The campaign’s compromised containers also attempted to collect information, such as the server’s operating system, the container registry set for use, the server’s architecture, current swarm participation status, and the number of CPU cores. Finally, they carried out internet-wide scans for exposed ports from compromised containers. Second, they performed container-to-host escape using well-known techniques. First, the downloaded or bundled Monero cryptocurrency coin miners.
![trend micro antivirus linux trend micro antivirus linux](https://www.pcwdld.com/wp-content/uploads/Trend-Micro-Apex-One-1024x597.jpg)