Bleeping Computer: Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns

Bleeping Computer: Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns. “Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month.”

Ars Technica: Google Play caught hosting an app that steals users’ cryptocurrency

Ars Technica: Google Play caught hosting an app that steals users’ cryptocurrency. “The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers, a researcher with Eset said in a blog post. As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers.”

Bleeping Computer: Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts

Bleeping Computer: Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts. “Security researchers say they’ve identified at last 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware.” Magento is an ecommerce platform.