More than 1600 publicly available Docker Hub images hide cryptocurrency miners, backdoors, DNS interceptors and website redirectors.
Docker Hub is a cloud library of containers that allows developers to look for and upload Docker images, or load their creations into a public library or personal repositories.
Researchers from Sysdig studied the problem, trying to evaluate its scale, and reported on the images they found that contain malicious code. Sysdig studied 250,000 unverified Linux images and identified 1652 of them as harmful.
Types of malicious images on Docker Hub
In first place are cryptominers, found in 608 images, which used the server's resources to mine cryptocurrency.
The second most frequent category (281 images) was images in which “additional information” was built into the image, for example SSH keys, AWS credentials, GitHub tokens, NPM tokens, etc.
Types of “secrets” built into Docker images
Sysdig notes that this data could have been left in public images by mistake or intentionally introduced by an attacker. By embedding an SSH key or API key in a container, a hacker can access the system after the container is deployed.
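A defender-side check for the embedded secrets described above, as an added example that is not from Sysdig or the original article: it walks every layer and the config JSON of a `docker save` archive and flags the secret types listed. The regex token shapes, the function names and the sample image are assumptions constructed for illustration.

```python
import io
import re
import tarfile
PATTERNS = {  # assumed token shapes for the secret types the article lists; tune as needed
    "ssh_private_key": re.compile(rb"-----BEGIN (?:OPENSSH|RSA|EC|DSA) PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(rb"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "npm_token": re.compile(rb"\bnpm_[A-Za-z0-9]{36}\b"),
}

def scan_bytes(where, data):
    return {(where, name) for name, rx in PATTERNS.items() if rx.search(data)}

def scan_image(archive, max_size=5 * 1024 * 1024):
    """Scan `docker save` bytes layer by layer, so a secret deleted in a later layer still shows."""
    findings = set()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as outer:
        for blob in (m for m in outer if m.isfile()):
            data = outer.extractfile(blob).read()
            try:
                layer = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
            except tarfile.TarError:
                # Not a layer: config/manifest JSON, where ENV values and build history live.
                findings |= scan_bytes(blob.name, data)
                continue
            with layer:
                for f in (m for m in layer if m.isfile() and m.size <= max_size):
                    content = layer.extractfile(f).read()
                    where = f"{blob.name}:{f.name}"
                    findings |= scan_bytes(where, content)
                    # A pre-seeded authorized_keys entry lets the key's owner log in over SSH.
                    if f.name.rsplit("/", 1)[-1] == "authorized_keys" and content.strip():
                        findings.add((where, "ssh_authorized_key"))
    return sorted(findings)

def make_tar(files):  # in-memory tar from {name: bytes}; used only to build the sample
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample():  # constructed image: planted SSH key, npm token, AWS key ID in ENV
    layer = make_tar({"root/.ssh/authorized_keys": b"ssh-ed25519 AAAACONSTRUCTED demo@example\n",
                      "app/.npmrc": b"//registry.npmjs.org/:_authToken=npm_" + b"A" * 36})
    config = b'{"config":{"Env":["AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00"]}}'
    return make_tar({"abc123/layer.tar": layer, "abc123.json": config})
```

To check a real image, export it with `docker save IMAGE -o image.tar` and pass the file's bytes to `scan_image`; an `authorized_keys` hit or a token in the config JSON is a reason not to deploy the image until it is explained.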
Many malicious images with built-in cryptominers used the technique