Vulnerable Docker hosts are being targeted with an odd cybercrime campaign, whose goal isn’t to steal sensitive data, deploy stage-two malware, or mount devastating Distributed Denial of Service (DDoS) attacks.
Instead, this campaign’s goal is to boost website traffic for the attackers, via an application known as 9hits.
According to researchers from Cado Security, 9hits is a web traffic exchange platform, where users can drive traffic among themselves. When a user installs 9hits, their device visits other members’ websites via a headless Chrome instance. In exchange, the user receives credits which they can then spend to drive traffic to their own sites.