Intel Name: Gafgyt malware broadens its scope in recent attacks
Date of Scan: December 5, 2024
Impact: High
Summary: The Gafgyt malware (also known as Bashlite or Lizkebab) has recently been observed targeting publicly exposed Docker Remote API servers. Traditionally focused on IoT devices, Gafgyt is now expanding its scope. Attackers exploit misconfigured Docker APIs to deploy the malware by creating containers using legitimate “alpine” Docker images. Once deployed, the malware enables attackers to infect victims and launch DDoS attacks against targeted servers.
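
A defender-side check for the misconfiguration described in the summary, added here as an example and not taken from the original report: it audits a Docker `daemon.json` for TCP API listeners that accept requests without client-certificate authentication. The sample configurations and the certificate paths in them are constructed for illustration.

```python
import json

# Constructed sample: Docker API reachable over plain TCP on all interfaces.
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: same listener, but clients must present a certificate
# signed by the configured CA (paths are placeholders).
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def _loopback(host):
    """True when a tcp:// listener is clearly bound to the local host only."""
    addr = host[len("tcp://"):]
    return addr.startswith(("127.", "localhost", "[::1]"))


def audit_daemon_config(text):
    """Return (host, severity, reason) for each TCP listener without client auth."""
    cfg = json.loads(text)
    # tlsverify makes the daemon require a client certificate; "tls" alone
    # only encrypts the channel and still accepts any caller.
    if cfg.get("tlsverify"):
        return []
    reason = "TLS without client verification" if cfg.get("tls") else "no TLS"
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are not network-reachable
        # Anything not clearly loopback is treated as exposed.
        severity = "medium" if _loopback(host) else "critical"
        findings.append((host, severity, reason))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(sample))
```

A listener started from `dockerd` command-line flags rather than `daemon.json` is outside what this check reads, so the process arguments need the same review.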