Bridging individuals with technology thru innovative solutions & delivery of excellence in  service.


Unsecured Docker APIs tapped for clandestine cryptomining


June 25, 2025



Threat actors have been exploiting misconfigured Docker APIs to infiltrate containerized environments, then using Tor to stealthily launch the XMRig cryptomining malware, as part of a new attack campaign aimed at organizations in the technology, financial services, and healthcare sectors, reports The Hacker News.

After sending a request to retrieve the targeted machine’s list of containers, and creating a container if none exists, attackers deploy a “docket-init.sh” shell script that alters the system’s SSH configuration for remote access, installs the libpcap, masscan, torsocks, and zstd tools, and downloads XMRig, a Trend Micro analysis showed. “This approach helps attackers avoid detection and simplifies deployment in compromised environments,” said Trend Micro researchers.

Such findings follow a Wiz report detailing the exposure of more than 30 organizations’ valid secrets across public code repositories, which could be weaponized in cyberattacks. “Beyond just secrets, code execution results in Python notebooks should be generally treated as sensitive. Their content, if correlated to a developer’s organization, can provide reconnaissance details for malicious actors,” said Wiz researchers.
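The misconfiguration behind this campaign is a Docker API listener that accepts clients without authentication. The following check for that condition is an added example, not code from the article, Trend Micro, or Docker. It assumes the listener is set through the `hosts`, `tls`, and `tlsverify` keys of the daemon's `daemon.json` and does not inspect `dockerd` command-line flags; the function name and sample configurations are constructed for illustration.

```python
import json

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_docker_hosts(daemon_json_text):
    """Flag Docker API TCP listeners in a daemon.json that accept unauthenticated clients."""
    cfg = json.loads(daemon_json_text)
    findings = []
    for host in cfg.get("hosts", []):
        scheme, _, addr = host.partition("://")
        if scheme != "tcp":
            continue  # unix:// and fd:// are local sockets guarded by file permissions
        if cfg.get("tlsverify") is True:
            continue  # clients must present a certificate signed by the configured CA
        bind = addr.rsplit(":", 1)[0].strip("[]")  # "" means all interfaces
        if cfg.get("tls") is True:
            reason = "TLS encrypts traffic but client certificates are not verified"
        else:
            reason = "plain TCP with no TLS and no client authentication"
        findings.append({
            "host": host,
            # A loopback bind is still open to every local process, so it is reported too.
            "severity": "medium" if bind in LOOPBACK else "critical",
            "reason": reason,
        })
    return findings

# Constructed sample configurations; the certificate paths are placeholders.
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_docker_hosts(text))
```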


