THREAT ALERT: Crypto miner attack involving RinBot's server, a popular Discord bot
Blog post from Sysdig
In January 2021, the Sysdig Security Research team identified a crypto mining attack originating from a server hosting the popular RinBot Discord bot. The server was suspected to be compromised and acting as a command and control server for the dk86 malware. The attack leverages the popularity of Discord, a platform with over 100 million active users in 2020, and demonstrates the increasing trend of crypto miner attacks exploiting third-party integrations within popular applications. Discord bots are hosted by third parties and pose potential security risks: they may not adhere to stringent data protection standards, which could lead to compromised user data if the bot servers are hacked. The dk86 malware was discovered through a honeypot setup and used a backdoor to install the xmra64 crypto miner, which then mined cryptocurrency without authorization. This incident underscores the importance of using advanced security tools like the Sysdig Secure DevOps Platform, which provides runtime threat detection and monitoring to help system administrators protect their infrastructure from such attacks. The article emphasizes the need for heightened vigilance in managing third-party services and for integrating comprehensive security practices to safeguard against emerging cyber threats in cloud-native environments.