mongo-express-docker

Make sure kdevtmpfsi crypto malware isn't coming from tini

Open knickers opened this issue 5 years ago • 1 comments

An issue was opened in the mongo-express repo by @jophj with evidence that a crypto malware miner kdevtmpfsi is coming in with tini: https://github.com/mongo-express/mongo-express/issues/553

We should look into it 😁

knickers · Feb 13 '20 04:02

This definitely sounds like someone left a database of some kind exposed to the internet and it got hacked. They should stop their running services, update their configuration to require authentication or better yet to not expose any database publicly, and start things back up.

```console
$ docker pull mongo-express
Using default tag: latest
latest: Pulling from library/mongo-express
Digest: sha256:c0aebfd7d7890a11248fb442706003156dfcbab260a3a1a64efb3c2c475d0d5e
Status: Image is up to date for mongo-express:latest
docker.io/library/mongo-express:latest

$ docker run -it --rm mongo-express find / -iname '*devtmp*'
$ 
```

tianon · Feb 13 '20 23:02
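Added example, not part of the issue thread or the project's code: one way to check a host for the exposure described in the comment above is to list which `mongo` or `mongo-express` containers publish a port on all interfaces. The function names `flag_exposed` and `sample_ps` and the sample container lines are constructed for illustration.

```shell
#!/bin/sh
# Reads lines in the form produced by
#   docker ps --format '{{.Names}}\t{{.Image}}\t{{.Ports}}'
# and prints "name<TAB>mapping" for each mongo / mongo-express container
# port that is published on every interface (0.0.0.0, :: or [::]).
flag_exposed() {
    awk -F '\t' '
        {
            img = $2
            sub(/^.*\//, "", img)    # drop registry and namespace
            sub(/[:@].*$/, "", img)  # drop tag or digest
            if (img != "mongo" && img != "mongo-express") next

            n = split($3, maps, /, */)
            for (i = 1; i <= n; i++) {
                m = maps[i]
                if (m !~ /->/) continue   # exposed in the image, not published
                if (m ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1 "\t" m
            }
        }'
}

# Constructed sample input (not real output from any host).
sample_ps() {
    printf 'me-ui\tmongo-express\t0.0.0.0:8081->8081/tcp\n'
    printf 'db\tmongo:4.2\t27017/tcp\n'
    printf 'db-local\tmongo:4.2\t127.0.0.1:27017->27017/tcp\n'
    printf 'db-open\tdocker.io/library/mongo:4.2\t0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n'
    printf 'web\tnginx\t0.0.0.0:80->80/tcp\n'
}

# On a real host:
#   docker ps --format '{{.Names}}\t{{.Image}}\t{{.Ports}}' | flag_exposed
```

A container that shows up here is reachable from outside the host unless a firewall says otherwise; binding the published port to `127.0.0.1` or dropping the `-p` mapping removes it from the list.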