<ul><li>Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances.</li><li>Attackers bypass security by using the gRPC protocol over h2c to execute crypto mining on Docker hosts.</li><li>After scanning for public-facing Docker API hosts and checking for HTTP/2 upgrades, attackers manipulate Docker functionalities via gRPC methods.</li><li>SRBMiner is downloaded and deployed from GitHub, with attackers mining cryptocurrency to their wallet and masking their public IP address.</li></ul>

Crooks are targeting Docker API servers to deploy SRBMiner

Discover more