Docker Hub images downloaded 20M times come with cryptominers

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years.

Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, or the developer community to distribute open-source projects.

Aviv Sasson, part of the Palo Alto Networks threat intelligence team, Unit 42, discovered on Docker Hub 30 malicious images that are involved in cryptojacking operations.

The researcher found that they came from 10 different accounts. Some of them have names that clearly indicate their purpose, while others have misleading names like "proxy" or "ggcloud" or "docker."

Images from all but one account continue to be available on Docker Hub at the moment of writing. The owner of one account called "xmrigdocker" appears to have pulled their images from the registry. [...]
The full list of malicious Docker images that Sasson found is available in Unit 42's blog post.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top