Docker Malware Campaign Exploits Teneo Web3 Nodes to Illicitly Earn Cryptocurrency
- Jhade
- 4 days ago

Attackers Use Deceptive Docker Images to Farm Web3 Rewards Without Legitimate Activity
Cybersecurity researchers have uncovered a novel malware campaign targeting Docker environments, exploiting the Teneo Web3 platform to generate cryptocurrency through deceptive means.
This operation marks a departure from traditional cryptojacking tactics, which typically deploy mining software like XMRig to hijack computing resources.
Malicious Docker Image Discovered
According to analyses by Darktrace and Cado Security, the attackers utilize a malicious Docker container image named "kazutod/tene:ten," hosted on Docker Hub. Once deployed, this container executes a heavily obfuscated Python script that establishes a connection to the Teneo network—a decentralized physical infrastructure network (DePIN).
Teneo is designed to reward users, known as Community Nodes, for aggregating public social media data from platforms such as Facebook, X (formerly Twitter), Reddit, and TikTok.
Simulating Legitimate Participation for Profit
Instead of performing legitimate data scraping, the malware sends continuous "heartbeat" signals via WebSocket to Teneo’s servers. These signals simulate active participation, tricking the system into awarding Teneo Points, which are convertible into $TENEO tokens.
Darktrace notes that the Teneo reward mechanism disproportionately favors signal frequency, making this exploit particularly effective for accumulating rewards without real contribution.
A Shift Toward Stealthier Monetization
This strategy reflects a broader trend among cybercriminals to adopt less detectable methods for monetization. By avoiding traditional mining software—often flagged by security tools—the attackers significantly reduce the risk of detection.
Similar stealth tactics have emerged in campaigns leveraging misconfigured Docker instances to run applications like 9Hits Viewer, which aims to generate traffic credits through automated web browsing.
Security Recommendations for Docker Users
The emergence of such sophisticated schemes underscores the need for robust security measures in containerized environments. Experts recommend:
- Regularly auditing Docker configurations
- Monitoring network traffic for anomalies
- Enforcing strict access controls
- Avoiding public Docker images without proper vetting
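
One way to act on the image-vetting recommendation, as an added example that is not from the article or the researchers it cites: a Python check that normalizes image references, so that "kazutod/tene:ten" and "index.docker.io/kazutod/tene:ten" are recognised as the same image, and flags the image named above along with anything outside a vetted set. The approved prefixes, the choice to treat every tag of that repository as bad, and the sample inventory are assumptions constructed for illustration.

```python
# Added example: policy values and the sample inventory are constructed.
KNOWN_BAD_REPOS = {"docker.io/kazutod/tene"}  # repository named in the article
APPROVED_PREFIXES = (                         # hypothetical vetted sources
    "docker.io/library/",
    "registry.example.internal/",
)
HUB_ALIASES = {"index.docker.io", "registry-1.docker.io"}  # also Docker Hub


def normalize(ref):
    """Return (registry/repository, tag-or-digest) for an image reference."""
    name, _, digest = ref.strip().partition("@")
    first, slash, rest = name.partition("/")
    # A first component with '.' or ':' (or 'localhost') is a registry host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    if registry in HUB_ALIASES:
        registry = "docker.io"
    tag = "latest"
    if ":" in path.rsplit("/", 1)[-1]:   # a tag lives in the last component
        path, tag = path.rsplit(":", 1)
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path         # official images have no namespace
    return f"{registry}/{path}", digest or tag


def audit(refs):
    """Flag references to the known-bad repository or to unvetted sources."""
    findings = []
    for ref in refs:
        repo, _version = normalize(ref)
        if repo in KNOWN_BAD_REPOS:
            findings.append((ref, "known-bad"))
        elif not repo.startswith(APPROVED_PREFIXES):
            findings.append((ref, "unvetted"))
    return findings


# Constructed inventory, e.g. the output of: docker ps --format '{{.Image}}'
SAMPLE = [
    "nginx:1.27",
    "kazutod/tene:ten",
    "index.docker.io/kazutod/tene:ten",
    "registry.example.internal/team/api:2.3",
    "someuser/tool",
]

if __name__ == "__main__":
    for ref, reason in audit(SAMPLE):
        print(f"{reason:10} {ref}")
```

Matching on the normalized repository rather than the raw string is what keeps a registry-prefixed or digest-pinned reference to the same image from slipping past the check.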