Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Infected qBittorrent Docker Image Secretly Mines Crypto

2025-09-23

While migrating servers, the author discovered a suspicious process, netservlet, consuming excessive CPU resources within a hotio/qbittorrent Docker container. Investigation revealed netservlet to be a stealth cryptocurrency miner, likely XMRig or a variant. Analysis of a core dump revealed strings related to cryptocurrency mining (e.g., cryptonight, ethash_calculate_dag_item) and a mining pool address (auto.c3pool.org:19999). This highlights the importance of not trusting random Docker images, regularly monitoring system resources, and auditing hosts and containers to prevent security breaches.

Read more
(apogliaghi.com)
Development cryptocurrency mining