Attackers are installing and using cryptojacking malware on servers by taking advantage of Docker Engine deployments that are open to the internet without authentication. Thus far, approximately 2,000 of these Docker deployments have been compromised by a new cryptojacking botnet that can expand itself. Palo Alto Networks researchers said in a paper published today, “There have been instances of cryptojacking malware spreading as a worm, but this is the first time we see a cryptojacking worm spread using containers in the Docker Engine (Community Edition).” This kind of malicious activity might be challenging to identify as the majority of conventional endpoint protection software does not examine the information and activity within containers.