JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories
JFrog and Docker collaborate on mitigation and cleanup following latest findings of Docker Hub Repositories being used to spread malware and phishing scams
By Andrey Polkovnichenko, Security Researcher Brian Moussalli, Malware Research Team Leader Shachar Menashe, Senior Director Security Research April 30, 2024
As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats.
In former publications, we have discussed some of the malware packages we found on the NPM, PyPI and NuGet registries by continuously scanning all major public repositories. In this blog post, we reveal three large-scale malware campaigns we’ve recently discovered, targeting Docker Hub, that planted millions of “imageless” repositories with malicious metadata. These are repositories that do not contain container images (and as such cannot be run in a Docker engine or Kubernetes cluster) but instead contain metadata that is malicious.
