mood Posted March 30, 2021

Malicious Docker Hub containers infect 20 million with cryptomining malware

Public cloud images can deliver cryptomining malware without much effort

Security researchers have chanced upon a novel cryptomining operation that’s estimated to have netted its authors over $200,000. Instead of planting cryptomining malware via complex campaigns, cybercriminals simply rolled them inside dozens of container images that have since clocked over 20 million downloads.

Armed with a simple cryptomining scanner, Palo Alto Networks Unit42 researcher Aviv Sasson discovered 30 malicious images on Docker Hub, which leads him to believe that there “are many other undiscovered malicious images on Docker Hub and other public registries.”

Lucrative target

Sasson found tainted containers from ten different accounts. He believes piggybacking cryptomining malware inside container images is lucrative since they are hardly inspected when pulled from reputable registries such as Docker Hub.

Unsurprisingly, most of the malicious containers mined the Monero cryptocurrency, which is a favourite among unscrupulous users for its enhanced privacy and anonymity. A small number also mined the Grin and Aronium cryptocurrencies as well. Similarly, the open source XMRig miner was the favourite weapon of choice, while a small percentage used the Xmr-stack miner.

Interestingly, Sasson observed that the malicious uploaders had tagged their tainted images with operating system and CPU architectures to deliver optimized payloads. “The only thing that is common for all the tags in a certain image is the crypto wallet address or the mining pool credentials,” says Sasson, who then inspected their mining pool information to estimate the worth of the total cryptocurrency mined using the tainted images.
Via: BleepingComputer
Source: Malicious Docker Hub containers infect 20 million with cryptomining malware
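Added example, not part of the original post or of Unit42's scanner: a pre-deployment check over `docker image inspect` output that flags mining pool URLs and miner binaries, then groups tags by the shared pool user, following the article's note that the wallet or pool credentials are the one thing common to all tags. The regexes, the use of XMRig's `-u`/`--user` option to find the wallet, and all sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Indicators assumed for this example: stratum pool URLs, miner binary
# names, and the XMRig -u/--user option that carries the wallet or login.
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl)://[^\s\"']+", re.I)
MINER_RE = re.compile(r"\b(xmrig|xmr-stak)\b", re.I)
USER_RE = re.compile(r"(?:^|\s)(?:-u|--user)[=\s]+(\S+)")


def image_strings(entry):
    """Flatten Entrypoint, Cmd and Env of one `docker image inspect` entry."""
    cfg = entry.get("Config") or {}
    return " ".join(s for k in ("Entrypoint", "Cmd", "Env") for s in (cfg.get(k) or []))


def findings(entry):
    """Return pool URLs, miner names and pool users seen in the image config."""
    text = image_strings(entry)
    return {
        "pools": sorted(set(POOL_RE.findall(text))),
        "miners": sorted({m.lower() for m in MINER_RE.findall(text)}),
        "users": sorted(set(USER_RE.findall(text))),
    }


def cluster_by_credentials(entries):
    """Group tags that share a pool user, whatever OS/arch the tag names."""
    clusters = defaultdict(list)
    for entry in entries:
        for user in findings(entry)["users"]:
            clusters[user].extend(entry.get("RepoTags") or [])
    return {user: sorted(tags) for user, tags in clusters.items()}


# Constructed sample data (not real images, pools or wallets).
SAMPLE = [
    {"RepoTags": ["example/app:amd64"],
     "Config": {"Entrypoint": ["/usr/bin/xmrig"], "Env": None,
                "Cmd": ["-o", "stratum+tcp://pool.example.invalid:3333",
                        "-u", "WALLET_PLACEHOLDER_A"]}},
    {"RepoTags": ["example/app:arm64"],
     "Config": {"Entrypoint": ["sh", "-c"], "Env": [],
                "Cmd": ["./xmrig --url=stratum+ssl://pool.example.invalid:443"
                        " --user=WALLET_PLACEHOLDER_A"]}},
    {"RepoTags": ["example/web:latest"],
     "Config": {"Entrypoint": ["nginx"], "Cmd": ["-g", "daemon off;"],
                "Env": ["PATH=/usr/bin"]}},
]

if __name__ == "__main__":
    print(cluster_by_credentials(SAMPLE))
```

A miner launched from a script inside a layer will not show up in the image config, so this check complements layer and runtime scanning rather than replacing it.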
mkc21 Posted March 31, 2021

They could just mine with 0.0001% CPU usage and nobody would bat an eye. Fucking crazy.