TrafficStealer malware could earn by stealing network traffic

May 22, 2023

A newly discovered malware called TrafficStealer has been targeting Docker containers to earn revenue by monetising ad engagement and web traffic. Reports showed that the new campaign could be a weaponised version of a legitimate traffic routing service.

Researchers explained that the TrafficStealer malware relies on a pre-built container image that ships with traffic monetisation capabilities. The campaign came to light when the threat actors attacked a honeypot set up by the research company.

The threat actors used a Docker container image that was built to provide a traffic monetisation service. In its intended form, the service works by having a subscriber install software that routes other users' network traffic through the subscriber's device; the attackers run that same software on the containers they target.

However, the containerised software gives the subscriber no visibility into the traffic passing through their device. If the attack runs discreetly on the targeted cloud resources, it can consume the victim’s network traffic and earn revenue for the threat operators.

The threat actors have pulled the container image over 500,000 times from Docker Hub. This figure indicates that the new campaign is part of a much larger scheme.

The TrafficStealer malware has a couple of methods to gain ad revenues.

A recent investigation revealed that the TrafficStealer malware uses click simulation and web crawling techniques to execute attacks.

Threat actors scour the internet to spot websites potentially generating revenues. Subsequently, the attackers target these sites by driving traffic to them through the attacker’s network.

The adversaries generate fake clicks on the ads on these high-value sites, resulting in high advertisement revenues. The TrafficStealer service prompts subscribers to create an account, generate a token for monetisation, and obtain a unique ID to operate the service locally.

However, in this attack the operators used their own hardcoded token so that all the revenue is diverted to their own accounts.

Threat actors have created yet another malicious tool that could earn them hefty amounts with minimal effort. Cybersecurity experts suggest that users adopt zero-trust security for all environments and audit any open container APIs to lessen the risk posed by the TrafficStealer malware.
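As an added illustration of the "audit any open container APIs" advice (this is not code from the article or from the researchers), the following Python checks a Docker daemon.json for API listeners reachable over TCP without client-certificate verification, and lists running containers whose image is not on an allowlist. The daemon.json and the `docker ps --format '{{json .}}'` output are constructed samples, not data from the campaign.

```python
import json
from urllib.parse import urlparse

# Constructed sample daemon.json: the API is exposed on all interfaces over
# plain TCP with no TLS client verification (the risky configuration).
SAMPLE_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tls": false
}"""

# Constructed sample lines as printed by: docker ps --format '{{json .}}'
SAMPLE_PS_LINES = [
    '{"ID":"a1b2c3","Image":"nginx:1.25","Names":"web"}',
    '{"ID":"d4e5f6","Image":"example-traffic-service:latest","Names":"relay"}',
]


def audit_daemon_hosts(daemon_json: str) -> list[str]:
    """Return a finding for every TCP API listener that lacks tlsverify."""
    cfg = json.loads(daemon_json)
    # In Docker, "tlsverify" implies TLS plus mandatory client certificates.
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", []):
        u = urlparse(host)
        if u.scheme != "tcp":
            continue  # unix sockets are gated by filesystem permissions
        if not tls_verify:
            bind = "all interfaces" if u.hostname in ("0.0.0.0", "::") else u.hostname
            findings.append(f"{host}: API on {bind} without tlsverify")
    return findings


def image_repo(image: str) -> str:
    """Strip tag and digest from an image reference, keeping registry/path."""
    path, _, last = image.rpartition("/")
    last = last.split("@")[0].split(":")[0]  # drop ':tag' or '@sha256:...'
    return f"{path}/{last}" if path else last


def unexpected_images(ps_lines: list[str], allowlist: set[str]) -> list[str]:
    """Return 'name (image)' for running containers not built from an approved repo."""
    out = []
    for line in ps_lines:
        c = json.loads(line)
        if image_repo(c["Image"]) not in allowlist:
            out.append(f'{c["Names"]} ({c["Image"]})')
    return out


if __name__ == "__main__":
    print(audit_daemon_hosts(SAMPLE_DAEMON_JSON))
    print(unexpected_images(SAMPLE_PS_LINES, {"nginx"}))
```

Run it against the real `/etc/docker/daemon.json` and live `docker ps` output to get findings for a specific host; an empty list from both functions means no unauthenticated TCP listener and no container outside the allowlist.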
