Malicious Docker Hub containers infect 20 million with cryptomining malware
Public cloud images can deliver cryptomining malware without much effort
Security researchers have chanced upon a novel cryptomining operation that’s estimated to have netted its authors over $200,000.
Instead of planting cryptomining malware via complex campaigns, cybercriminals simply rolled it inside dozens of container images that have since clocked over 20 million downloads.
Armed with a simple cryptomining scanner, Palo Alto Networks Unit42 researcher Aviv Sasson discovered 30 malicious images on Docker Hub, which leads him to believe that there “are many other undiscovered malicious images on Docker Hub and other public registries.”
Lucrative target
Sasson found tainted containers from ten different accounts. He believes piggybacking cryptomining malware inside container images is lucrative since they are hardly inspected when pulled from reputable registries such as Docker Hub.
Unsurprisingly, most of the malicious containers mined the Monero cryptocurrency, which is a favourite among unscrupulous users for its enhanced privacy and anonymity. A small number mined the Grin and Aronium cryptocurrencies as well.
Similarly, the open source XMRig miner was the weapon of choice, while a small percentage used the Xmr-stack miner.
Interestingly, Sasson observed that the malicious uploaders had tagged their tainted images by operating system and CPU architecture to deliver optimized payloads.
“The only thing that is common for all the tags in a certain image is the crypto wallet address or the mining pool credentials,” says Sasson, who then inspected their mining pool information to estimate the worth of the total cryptocurrency mined using the tainted images.
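Sasson's observation can be turned into a check a defender runs before trusting an image. The following Python example is added here and is not code from Unit 42 or this article: it takes the start command of each tag (assumed to have been collected beforehand, for example from `docker image inspect`) and reports the pool endpoint and login that every tag shares. The function names, tag names, pool host and `WALLET_PLACEHOLDER` are constructed for illustration.

```python
import re
import shlex

# XMRig takes the pool as -o/--url and the wallet or pool login as -u/--user.
POOL_FLAGS = {"-o", "--url"}
LOGIN_FLAGS = {"-u", "--user"}
POOL_RE = re.compile(r"(stratum\+\w+://)?[\w.-]+:\d{2,5}", re.I)

def extract_indicators(cmdline):
    """Return {(kind, value)} for pool endpoints and pool logins in one command line."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:                  # unbalanced quotes: plain whitespace split
        tokens = cmdline.split()
    found = set()
    for i, tok in enumerate(tokens):
        if len(tok.split()) > 1:        # nested command such as sh -c '...'
            found |= extract_indicators(tok)
            continue
        flag, sep, value = tok.partition("=")       # --url=VALUE form
        if not sep:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
        bare = POOL_RE.fullmatch(tok)
        if flag in POOL_FLAGS and POOL_RE.fullmatch(value):
            found.add(("pool", value.lower()))
        elif flag in LOGIN_FLAGS and value:
            found.add(("login", value))
        elif bare and bare.group(1):                # scheme-qualified URL without a flag
            found.add(("pool", tok.lower()))
    # -u alone is ambiguous (curl -u ...), so report logins only next to a pool.
    return found if any(kind == "pool" for kind, _ in found) else set()

def shared_indicators(tag_cmds):
    """Indicators present in every tag of one image (empty set if none)."""
    per_tag = [extract_indicators(cmd) for cmd in tag_cmds.values()]
    return set.intersection(*per_tag) if per_tag else set()

# Constructed sample: start commands of three tags of one hypothetical image.
SAMPLE_TAGS = {
    "ubuntu-amd64": "/opt/xmrig -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER -p x",
    "alpine-arm64": "/usr/bin/m --url=stratum+tcp://pool.example.invalid:3333 --user=WALLET_PLACEHOLDER",
    "debian-armv7": "sh -c 'exec /m -o STRATUM+TCP://pool.example.invalid:3333 -u WALLET_PLACEHOLDER'",
}

if __name__ == "__main__":
    for kind, value in sorted(shared_indicators(SAMPLE_TAGS)):
        print(f"{kind:5} {value}")
```

A miner that reads its pool settings from a configuration file inside the image leaves nothing on the command line, so this check complements scanning the image file system rather than replacing it.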
Via: BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.