- Apple Intelligence hasn't lived up to my expectations, but these 3 upgrades could win me back
- Samsung launches One UI 8 beta - what's new and how to join
- This 230-piece Craftsman toolset is still just $99 at Lowe's
- Standing Together Against Scams: McAfee Joins the Global Anti-Scam Alliance | McAfee Blog
- I invested in a subscription-less smart ring, and it beat my Oura in several ways
Xanthe – Docker aware miner – Cisco Blogs

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command
Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining Monero online currency.
The actor employs various methods to spread across the network, like harvesting client-side certificates for spreading to known hosts using ssh, or spreading to systems with an incorrectly configured Docker API.
We believe this is the first time anyone’s documented Xanthe’s operations. The actor is actively maintaining all the modules and has been active since March this year.
Share: