
Self-Replicating Zombie Malware Targets Docker
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Unsecured Docker containers are hijacked by malware that spreads autonomously, creating a zombie network mining the privacy-focused cryptocurrency Dero.
In a rush? Here are the quick facts:
- Malware spreads autonomously without a command-and-control server, complicating defense.
- Two Golang implants: fake nginx tool and hidden Dero cloud miner.
- Malware hijacks existing containers and creates new malicious containers automatically.
A new cryptojacking campaign is turning unsecured Docker containers into a fast-spreading zombie network that mines the privacy-focused cryptocurrency Dero. The malware spreads on its own, without a command-and-control server, making it harder to stop.
Researchers at Kaspersky discovered the infection during a routine security assessment. “We detected a number of running containers with malicious activities,” they said.
The attack begins when exposed Docker APIs are found online. Once one is breached, the malware creates new malicious containers and hijacks existing ones—turning them into “zombies” that mine Dero and infect others.
The attack uses two Golang-based malware implants, both hidden with UPX packing: one is named nginx (not to be confused with the legitimate web server), and the other is the cloud Dero miner. Kaspersky identified them as Trojan.Linux.Agent.gen and RiskTool.Linux.Miner.gen.
The nginx malware masquerades as a legitimate web tool and keeps the miner running while constantly scanning the internet for new targets. It looks for Docker APIs open on port 2375 and uses tools like masscan to detect them. Once it finds a vulnerable system, it deploys a fake Ubuntu container and installs the malware.
It also tries to take over existing containers by checking for a special file, version.dat. If the file is missing, it installs the malware and starts mining.
The cloud miner hides its wallet and server addresses using encrypted strings. Once decrypted, researchers traced them back to past attacks on Kubernetes clusters.
“This implant is designed to minimize interaction with the operator,” the report says, warning that similar campaigns may still be active.
Security experts warn that as long as Docker APIs are exposed online without protection, such cryptojacking campaigns will continue. Users should secure their Docker environments by disabling open APIs and tightening network access controls.

AI Race: How Chinese Giants Are Surviving Without U.S. Chips
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Chinese tech giants Tencent and Baidu are staying competitive in AI by stockpiling chips, optimizing software, and turning to local semiconductor solutions.
In a rush? Here are the quick facts:
- Baidu uses full-stack AI strategy to reduce reliance on restricted U.S. chips.
- Chinese firms optimize software to increase efficiency with fewer chips.
- Homegrown semiconductors are helping China reduce dependence on foreign technology.
Chinese tech giants Tencent and Baidu are finding new ways to stay competitive in artificial intelligence despite tougher U.S. restrictions on advanced chip exports. These companies are adjusting strategies by stockpiling chips, improving software efficiency, and exploring homegrown semiconductors.
Tencent President Martin Lau said that the company maintains a “pretty strong stockpile” of high-end GPUs which were purchased earlier, as reported by CNBC. These chips are crucial for training large AI models. While U.S. companies often expand GPU clusters to boost performance, Lau said Tencent achieves solid results using fewer chips.
“That actually sort of helped us to look at our existing inventory of high-end chips and say, we should have enough high-end chips to continue our training of models for a few more generations going forward,” Lau explained, as reported by CNBC.
For running AI tasks, known as inferencing, Tencent is focusing on software optimization and smaller, less power-hungry models. The company is also turning to chips currently available in China.
“I think there are a lot of ways [in] which we can fulfill the expanding and growing inference needs […] rather than just brute force buying GPUs,” Lau added.
Baidu is leveraging what it calls its “full-stack” AI strategy, combining its cloud systems, AI models, and applications like its ERNIE chatbot.
“Even without access to the most advanced chips, our unique full stack AI capabilities enable us to build strong applications and deliver meaningful value,” said Dou Shen, head of Baidu’s AI cloud unit.
Shen added that Chinese progress in developing domestic AI chips and efficient software is helping offset the U.S. curbs. While China still lags behind U.S. chipmakers, experts like Gartner’s Gaurav Gupta say the country’s push to build its own chip ecosystem is showing notable results.