Researchers at Trend Micro have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on cloud systems, while recently discovered Kaiji was first reported to affect internet of things (IoT) devices. Attackers usually used botnets to perform brute-force attacks after scanning for open Secure Shell (SSH) and Telnet ports. Now, they also searched for Docker servers with exposed ports (2375). Port 2375, one of the two ports Docker API uses, is for unencrypted and unauthenticated communication.
Source: Trend Micro