Cybercrooks Target Docker Containers With Novel Pageview Generator
Cyberattackers are exploiting Docker instances to drop the bot-tastic 9hits Web traffic generator and "earn" valuable credits that can be turned into cash.
January 18, 2024
Container-focused cyberattackers have a brand-new type of payload: a gray-area traffic-generating tool that creates artificial page views for websites, known as the 9hits Traffic Exchange.
Members of 9hits can buy what are known as "credits" on the platform, which can be exchanged for sending a set amount of traffic to a given website via the automated 9hits viewer app. The app loads a chosen webpage a certain number of times, thus generating page views — even though there are no actual eyeballs taking in the target site's content.
9hits might be a little shady, being used to inflate a site's actual visitor engagement numbers in a quest for luring advertisers — but its use is not illegal. Unless, of course, it's being planted into an organization's infrastructure without consent, thus stealing compute resources.
According to researchers at Cado Security, that's exactly what the bad guys are doing: deploying this "unique Web traffic solution" (as it bills itself), in order to generate credits for the attacker.
Cado says the attackers in a fresh campaign are targeting vulnerable Docker services to deploy two separate containers: an XMRig cryptominer and 9hits. The former is a well-known malicious payload, but the latter is entirely novel, the researchers said.
"Attackers always seek more strategies to profit from compromised hosts," according to Cado's 9hits/Docker analysis published today. "[We] can observe the processes being run, allowing the 9hits app to authenticate with their servers and pull a list of sites to visit. Once visited, the session owner is awarded a credit on the 9hits platform."
The credits can then be turned into traffic to the attacker's site of choice, which in turn can be monetized in any number of creative ways, including selling it to an ad network.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024