New Self-Spreading Malware Propagates from Unprotected Trivy Servers

Cybersecurity researchers discovered a campaign targeting misconfigured servers of Aqua Security's popular tool, Trivy. Hackers exploit unprotected API interfaces to penetrate systems, steal data, and mine cryptocurrency covertly.
Threat mechanism: The malware autonomously scans the network for Trivy servers that are exposed to the internet on port 8080. After penetration, the malware immediately attempts to infect neighboring devices.
Expert assessment: Matt Muir, senior analyst at security company Cado Security, commented on the threat: "This is the first instance where we have seen malware specifically using unprotected Trivy servers for self-propagation." According to him, this indicates that attackers are increasingly interested in cloud security tools.
Prevention: Specialists advise administrators to restrict access to Trivy interfaces and implement authentication mechanisms to prevent servers from being incorporated into botnets.
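As an added illustration of the prevention advice (not code from the article or from Aqua Security), the following Python sketch audits `trivy server` command lines for a listener that is reachable beyond loopback with no token configured. It relies on Trivy's `--listen` and `--token` server flags and their `TRIVY_LISTEN` / `TRIVY_TOKEN` environment equivalents; the function names and the sample command lines are constructed for this example.

```python
import ipaddress
import shlex

DEFAULT_LISTEN = "localhost:4954"  # trivy server default when --listen is not given


def _flag(argv, name):
    """Return the value of a flag written as '--name v' or '--name=v', else None."""
    for i, arg in enumerate(argv):
        if arg == name and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
    return None


def _is_loopback(host):
    """True only for localhost or a loopback IP; empty or unknown hosts count as reachable."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit(cmdline, env=None):
    """Classify one 'trivy server' command line; returns (listen_address, finding)."""
    env = env or {}
    argv = shlex.split(cmdline)
    if "server" not in argv:
        return None, "not-a-trivy-server"
    listen = _flag(argv, "--listen") or env.get("TRIVY_LISTEN") or DEFAULT_LISTEN
    host = listen.rsplit(":", 1)[0]
    token = _flag(argv, "--token") or env.get("TRIVY_TOKEN")
    if _is_loopback(host):
        return listen, "ok-loopback"
    return listen, ("token-set" if token else "exposed-no-auth")


# Constructed sample command lines (e.g. collected from process listings or unit files).
SAMPLES = [
    "trivy server --listen 0.0.0.0:8080",
    "trivy server --listen 0.0.0.0:8080 --token placeholder-token",
    "trivy server --listen=[::1]:8080",
    "trivy server",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line), "<-", line)
```

A `token-set` result only confirms that authentication is configured; network-level restriction (firewall rules or a private bind address) is still what keeps the port off the internet.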