I got malware 🥶

One day I noticed that the app I deployed on my VPS was getting too heavy…

I typed the top command to see ongoing tasks.

$ top

Then I found an unknown service named kinsing.

What is Kinsing?

Kinsing is a kind of malware.

Malware is the name given to software aimed at malicious activity.

What is the purpose of Kinsing?

Kinsing's main objective is to mine bitcoins by occupying resources such as CPU and memory.

Since mining requires many calculations, it is generally difficult to earn enough revenue to cover costs such as electricity.

So, hackers use Kinsing to occupy someone else’s CPU and memory for mining.

I found an unknown user created by Kinsing in the container hosting Postgres.

Why did it happen to me?

1. Docker misconfiguration

The port of the Docker container was exposed to the outside world.

I thought it would not be a problem as long as I did not download any unknown files, but the port could be attacked.

2. Postgres misconfiguration

My Postgres username was postgres and password was postgres.

So I was an easy target!! 💣

What I did after

  1. Introduced Nginx Proxy Manager to hide the port and removed the line for the port from docker-compose.

  2. Updated Postgres password.

  3. Update services used by the VPS frequently.
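A check for the two misconfigurations described above, as an added example that is not part of the original post: it reads the JSON printed by `docker compose config --format json` and flags host ports published on every interface and guessable `POSTGRES_PASSWORD` values. The function name `audit_compose`, the weak-password list, and both sample configs (service names, images, password placeholder) are constructed for illustration.

```python
import json

# Constructed list of guessable passwords; extend it for real use.
WEAK_PASSWORDS = {"", "postgres", "password", "admin", "root", "123456"}
ALL_INTERFACES = {"", "0.0.0.0", "::"}  # no host_ip means every interface


def audit_compose(config_json, public_services=()):
    """Return (service, finding) pairs for a normalized Compose config."""
    findings = []
    services = json.loads(config_json).get("services") or {}
    for name, svc in sorted(services.items()):
        if name not in public_services:  # e.g. the reverse proxy is meant to be public
            for port in svc.get("ports") or []:
                if "published" in port and (port.get("host_ip") or "") in ALL_INTERFACES:
                    findings.append(
                        (name, "port %s published on all interfaces" % port["published"]))
        env = svc.get("environment") or {}
        if "POSTGRES_PASSWORD" in env:
            password = env["POSTGRES_PASSWORD"] or ""
            user = env.get("POSTGRES_USER") or "postgres"
            if password.lower() in WEAK_PASSWORDS or password == user:
                findings.append((name, "weak POSTGRES_PASSWORD"))
    return findings


# Constructed sample configs (service names and images are placeholders).
BEFORE = json.dumps({"services": {"db": {
    "image": "postgres",
    "environment": {"POSTGRES_USER": "postgres", "POSTGRES_PASSWORD": "postgres"},
    "ports": [{"mode": "ingress", "target": 5432, "published": "5432", "protocol": "tcp"}],
}}})
AFTER = json.dumps({"services": {
    "db": {"image": "postgres",
           "environment": {"POSTGRES_USER": "app",
                           "POSTGRES_PASSWORD": "CHANGE-ME-long-random-value"}},
    "proxy": {"image": "reverse-proxy-placeholder",
              "ports": [{"mode": "ingress", "target": 443, "published": "443", "protocol": "tcp"}]},
}})

if __name__ == "__main__":
    for label, cfg, public in (("before", BEFORE, ()), ("after", AFTER, ("proxy",))):
        print(label, audit_compose(cfg, public_services=public) or "no findings")
```

On a real host, pipe the output of `docker compose config --format json` into `audit_compose` and list only the reverse proxy in `public_services`.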

Conclusion

It was a good heads-up regarding the security issues.

I hope this article can help somebody.

References