According to the security researcher, once the hackers find a Docker instance with an exposed API port, they use the access provided by this port to download and install the Kinsing malware.