DockerHub Miner Virus – Malicious Images Downloaded 5 Million Times

Cyber-criminals have gotten lucky again and managed to make around 90 thousand dollars by spreading 17 malicious images via the website Docker Hub. The website's administrators deleted the malicious images 8 months after the first reports started coming out.

Docker Hub images are packages that usually bundle components created beforehand and run on top of a computer's operating system. They can be downloaded from Docker Hub, saving administrators a huge amount of time that would otherwise be spent on changing settings.

How Did The Docker Hub Hack Happen?

During the period of July – August, a cyber-criminal or a group of cyber-criminals used Docker Hub's records to upload images that were available for free download. These images had embedded scripts containing cryptocurrency miner viruses. In September, one of the website's users filed a report about one of the 17 uploaded images. A series of events followed that led to the discovery of all of the images, which were then deleted.

In January, the problem was publicly announced by the company Sysdig, and in May it reached Fortinet. Docker Hub decided to delete the malicious images, which were in fact installing a Monero miner script. But it was too late, because the malware had been downloaded by around 5 million machines. The researchers started tracking how much money was mined as a result of this malware and established that over 545 Monero tokens had already been mined, which at this point amounts to around $90,000 USD.

Researchers have also warned that a lot of servers may still be compromised, since deleting the images does not guarantee that the malware will stop functioning. This is (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Vencislav Krustev. Read the original post at: