The prolific botnet, which previously targeted vulnerable Microsoft Exchange servers, is now gaining initial access via exposed Docker APIs.
Some cybercrime groups are using trojaned proxyware installers to gain a foothold on victim machines and install malware and cryptominers.
The Lemon Duck cryptocurrency-mining botnet was seen behind a spike of April attacks exploiting the Microsoft Exchange server ProxyLogon flaw.
TeamTNT, a crypto-mining botnet, is stealing Amazon Web Services credentials from infected Docker and Kubernetes servers.
Cybercrime gangs are still making hay with ransomware, but a new report from Europol shows that malicious cryptomining is gaining momentum.