Researchers Found Images on Docker Hub That Contained Cryptominers
Akshaya Asokan (asokan_akshaya) • June 26, 2020
A recently uncovered cryptomining scheme used malicious Docker images to hide cryptocurrency mining code, according to Palo Alto Networks’ Unit 42. These images were uploaded to the legitimate Docker Hub repository.
The Unit 42 researchers identified six variants of this Docker image that contained the XMRig cryptominer, which enabled hackers to mine Monero from compromised Docker containers.
These images, which were hosted in an account on the official Docker Hub repository, had been downloaded over 2 million times. One of the crypto wallets associated with the hackers contained approximately 525 Monero virtual coins that were worth about $36,000, the report notes.
While it is unclear who’s behind the scheme, the Unit 42 researchers found that the malicious Docker Hub account was created and activated in October 2019 and was primarily used to distribute the images. Docker took down the account after it was notified by Unit 42, according to the report.