Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malicious Docker Hub containers infect 20 million with cryptomining malware
Quote:Security researchers have chanced upon a novel cryptomining operation that’s estimated to have netted its authors over $200,000.

Instead of planting cryptomining malware via complex campaigns, cybercriminals simply rolled them inside dozens of container images that have since clocked over 20 million downloads.

Armed with a simple a cryptomining scanner, Palo Alto Networks Unit42 researcher Aviv Sasson discovered 30 malicious images on Docker Hub, which leads him to believe that there “are many other undiscovered malicious images on Docker Hub and other public registries.”

Lucrative target
Sasson found tainted containers from ten different accounts. He believes piggybacking cryptomining malware inside container images is lucrative since they are hardly inspected when pulled from reputable registries such Docker Hub.

Unsurprisingly, most of the malicious containers mined the Monero cryptocurrency, which is a favourite among unscrupulous users for its enhanced privacy and anonymity. A small number also mined the Grin and Aronium cryptocurrencies as well.

Similarly, the open source XMRig miner was the favourite weapon of choice, while a small percentage used the Xmr-stack miner.

Interestingly, Sasson observed that the malicious uploaders had tagged their tained images with operating system and CPU architectures to deliver optimized payloads.

“The only thing that is common for all the tags in a certain image is the crypto wallet address or the mining pool credentials,” says Sasson who then inspected their mining pool information to estimate the worth of the total cryptocurrency mined using the tainted images.


Possibly Related Threads…
Thread Author Replies Views Last Post
  QBot phishing uses Windows Calculator sideloading to infect devices mrtrout 0 331 07-25-2022 , 01:25 AM
Last Post: mrtrout
  New Android malware on Google Play installed 3 million times mrtrout 0 292 07-14-2022 , 02:55 AM
Last Post: mrtrout
  Couple arrested for secretly installing cryptomining software on department store P mrtrout 0 264 11-27-2021 , 04:21 AM
Last Post: mrtrout
  DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence Mohammad.Poorya 0 446 02-17-2021 , 12:29 PM
Last Post: Mohammad.Poorya
  Coronavirus domains 50% more likely to infect your system with malware dhruv2193 0 1,221 03-07-2020 , 02:29 PM
Last Post: dhruv2193

Forum Jump:

Users browsing this thread: 1 Guest(s)