17 Cryptomining Malware Installed 5M Times From Docker Hub

According to security firm Kromtech, at least one popular Docker image distribution site, Docker Hub, allowed as many as 17 malicious Docker images to be downloaded more than five million times over a ten-month span. For those who may not be aware, Docker images serve as pre-configured applications, distributed from the cloud, that run in a contained environment. The images in question, which were made publicly available by an account under the handle "docker123321", were first complained about a full eight months prior to being taken down in May. Unbeknownst to those who downloaded the images, which were first uploaded in July through August of last year, each contained hidden applications designed specifically to mine cryptocurrencies.

The first complaint, via GitHub, occurred just months later in September. Further complaints were made in January and early May of this year, reported by security firms Sysdig and Fortinet, respectively. Despite those reports, however, the malicious Docker image shenanigans apparently went on until the account was finally deleted by Docker Hub in mid-May. As a result, docker123321 was able to accrue approximately 544.74 Monero. As of this writing, that's right around $90,000 worth of the cryptocurrency. Perhaps worse, although the images were removed from Docker Hub, they could still be active on any server where they were installed.

For clarity, each of the seventeen Docker images, as uploaded on Docker Hub, was named according to the uploader's account name. In this case, that means they are all named "docker123321/" followed by the name of the image. The images are reported by Kromtech as being named tomcat, tomcat11, tomcat22, kk, mysql, data, mysql0, cron, cronm, cronnn, t1, t2, mysql2, mysql3, mysql4, mysql5, and mysql6. It goes without saying that Docker Hub users who may have installed the Docker images will want to double-check their servers to prevent slowdowns and other problems caused by the malicious cryptocurrency mining application.
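As an added example (not from the article or from Kromtech's report), the POSIX shell script below checks image references against the account handle and the 17 names listed above. The function names `classify_ref`, `scan_refs` and `scan_host`, the `--host` switch and the sample references are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article or Kromtech's report.
# Account handle and the 17 image names are as listed in the article.
BAD_ACCOUNT="docker123321"
BAD_NAMES="tomcat tomcat11 tomcat22 kk mysql data mysql0 cron cronm cronnn t1 t2 mysql2 mysql3 mysql4 mysql5 mysql6"

# classify_ref REF: print LISTED, ACCOUNT or CLEAN for one image reference.
# Tolerates a docker.io/ prefix, a :tag and an @digest suffix.
classify_ref() {
    ref=${1%%@*}                                   # drop @sha256:... digest
    case ${ref##*/} in *:*) ref=${ref%:*} ;; esac  # drop :tag, keep registry:port
    ref=${ref#index.docker.io/}
    ref=${ref#docker.io/}
    case $ref in
        "$BAD_ACCOUNT"/*) name=${ref#"$BAD_ACCOUNT"/} ;;
        *) echo CLEAN; return 0 ;;                 # e.g. the official mysql image
    esac
    for bad in $BAD_NAMES; do
        if [ "$name" = "$bad" ]; then echo LISTED; return 0; fi
    done
    echo ACCOUNT   # same uploader, but a name the article does not list
}

# scan_refs: read one image reference per line on stdin, print the non-clean ones.
scan_refs() {
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        verdict=$(classify_ref "$ref")
        if [ "$verdict" != CLEAN ]; then printf '%s %s\n' "$verdict" "$ref"; fi
    done
}

# scan_host: pass local images and the images of all containers
# (running or stopped) through scan_refs.
scan_host() {
    { docker images --format '{{.Repository}}:{{.Tag}}'
      docker ps -a --format '{{.Image}}'; } | sort -u | scan_refs
}

if [ "${1:-}" = "--host" ]; then
    scan_host
else
    # Constructed sample input so the script runs without Docker.
    printf '%s\n' 'nginx:1.25' 'docker123321/cronm:latest' \
        'docker.io/docker123321/mysql0' 'mysql:8' \
        'registry.local:5000/team/tomcat:9' 'docker123321/other' | scan_refs
fi
```

Run with `--host` on a Docker server to check its local images and containers; with no argument it only processes the constructed sample.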

In the meantime, one reason this appears to have taken so long to fix seems to be the difficult nature of reporting malicious uploads on Docker Hub. According to Kromtech, that has proven to be a major complaint on GitHub. In fact, there may be even more complaints about this most recent run of bad Docker images which have previously gone unnoticed. What's more, there appear to be a significant number of Monero mining Docker images uploaded to the site on what appears to be a fairly regular basis. At the very least, this is not an isolated incident of tech-savvy users taking advantage of Docker Hub. Having said that, Docker Hub is not alone in what it does by any means. So this may be something that it will need to address in the near future.

Copyright ©2019 Android Headlines. All Rights Reserved
About the Author

Daniel Golightly

Senior Staff Writer
Daniel has been writing for AndroidHeadlines since 2016. As a Senior Staff Writer for the site, Daniel specializes in reviewing a diverse range of technology products and covering topics related to Chrome OS and Chromebooks. Daniel holds a Bachelor’s Degree in Software Engineering and has a background in Writing and Graphics Design that drives his passion for Android, Google products, the science behind the technology, and the direction it's heading.