A crypto-mining botnet is now stealing Docker and AWS credentials H ard

The malicious scripts are being developed to steal more sensitive data such as credentials. The malware, which installs Monero cryptominers on the infected systems, has been actively targeting Docker installations since April, according to Trend Micro. Furthermore, Oliveira says TeamTNT has now added a feature to collect Docker API credentials, on top of the AWS…

TeamTNT Botnet Updated to Steal Docker and AWS Credentials

Some apps in /Applications are owned by root, but for reasons unknown to the authors, some non-system apps are owned by the user. Some user-owned apps include Docker, Google Chrome, Visual Studio Code, and iTerm, while Slack, VMWare Fusion, and Wireguard are owned by root. The install of apt within the Service Container is broken…