Crypto Miner in hotio/qbittorrent
5 hours ago
- #system-monitoring
- #docker-security
- #crypto-miner
- A suspicious process named 'netservlet' was found running inside a hotio/qbittorrent Docker container.
- The process was consuming unusually high CPU and was identified as a crypto miner.
- Investigation revealed references to cryptocurrency mining, mining pool addresses, and miner configuration options.
- The binary was likely a variant of XMRig, a known crypto miner.
- The incident highlights the importance of monitoring system resources and auditing containers.
- Recommendations include not trusting random Docker images and regularly auditing host and containers.