Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain that connects to a nascent Web3 service called Teneo, a decentralized physical infrastructure network (DePIN) that allows users to monetize public social media data by running a Community Node in exchange for rewards called Teneo Points, which can be converted into $TENEO Tokens. The node essentially functions as a distributed social media scraper to extract posts from Facebook, X, Reddit, and TikTok. An analysis of artifacts gathered from its honeypots has revealed that the attack starts with a request to launch a container image "kazutod/tene:ten" from the Docker Hub registry. The image was uploaded two months ago and has been downloaded 325 times to date. The container image is designed to run an embedded Python script that's heavily obfuscated and requires 63 iterations to unpack the actual code, which sets up a connection to teneo[.]pro. "The malware script simply connects to the WebSocket and sends keep-alive pings in order to gain more points from Teneo and does not do any actual scraping," Darktrace said in a report shared with The Hacker News. "Based on the website, most of…Read More