'Doki' malware attacks Docker servers using Dogecoin

Misconfigured Docker API ports are being scanned and exploited by a threat that's evolved from the Ngrok Botnet campaign

Malware that has remained undetected for six months is exploiting misconfigured Docker API ports to launch malicious payloads, while abusing the Dogecoin cryptocurrency blockchain in the process.

The malware, known as ‘Doki’, is targeting misconfigured containerised environments hosted on Azure, AWS, and a number of other major cloud platforms, according to Intezer researchers, with attackers able to find publicly accessible Docker API ports and exploit them to establish their own containers.
