Hey, Docker users, check your shit. If you have
publicly-accessible Docker API ports, you're doing it wrong.

"The Docker remote API listens on ports 2735 / 2736. By default, the remote API is only accessible from the loopback interface (“localhost”, “127.0. 0.1”), and should not be available from external sources."

Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.

https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/