According to cybersecurity firm Aqua Security, a recently discovered crypto mining technique used malicious Docker images to takeover companies' computing resources to mine bitcoin. The photos were published to Docker Hub's official repository. The researchers discovered five Docker Hub container images that could be utilised in a supply chain attack against cloud-native systems. Developers use Docker, a prominent platform-as-a-service container provider for Linux and Windows devices, to help them build and package apps. According to Assaf Morag, principal data analyst at Aqua Security, the researchers discovered the infected pictures during their routine manual examination. "We regularly share this kind of information with Docker Hub and other public registries or repositories (GitHub, Bitbucket, etc)," Morag says. "Based on the information we share with Docker Hub, they conduct their investigation and decide whether or not they close the namespace. In this particular case, they closed these namespaces on the same day we had reached out to them. Docker Hub’s reaction and response time are absolutely amazing.” The first three containers discovered by the researchers - thanhtudo, thieunutre, and chanquaa - launch the Python script dao.py, which has been used in various past campaigns to obscure harmful container images in Docker Hub via typosquatting. The names of the other two container images are openjdk, and golang are. "We haven’t seen any indication that they were used in attacks in the wild but that doesn’t mean that they were or weren’t. Our goal is to shine a bright light on these container images with misleading names, saying that they contain cryptominer which is executed once you run the container, even though there is no indication in the namespace that this is the p ..
Support the originator by clicking the read the rest link below.
