A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency.
Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances.
The intrusions, spotted in September 2022, get their name from a domain named “kiss.a-dog[.]top” that’s used to trigger a shell script payload on the compromised container using a Base64-encoded Python command.