Type: Campaign
Actors:
Pub. date: October 21, 2024
Initial access: Software misconfig
Impact: Resource hijacking
Observed tools:
Targeted technologies:
Status: Finalized
Last edited: Jan 8, 2025 1:42 PM
Attackers are exploiting exposed Docker Remote API servers to deploy a new malware strain named "perfctl." The malware is built to mine cryptocurrency, evades detection by disabling security features, and establishes persistence on compromised systems. The attackers scan for Docker hosts whose Remote API is exposed, create privileged containers on them, and then execute the perfctl malware inside those containers. Once active, perfctl can disable security tools, modify system configurations, and consume system resources for cryptocurrency mining, leading to degraded performance and potential security breaches.