• Google

    Backdoored images downloaded 5 million times finally removed from Docker Hub /Link

    17 images posted by a single account over 10 months may have generated $90,000.

    Enlarge (credit: Oren neu dag / Wikimedia)

    A single person or group may have made as much as $90,000 over 10 months by spreading 17 malicious images that were downloaded more than 5 million times from Docker Hub, researchers said Wednesday. The repository finally removed the submissions in May, more than eight months after receiving the first complaint.

    Docker images are packages that typically include a pre-configured application running on top of an operating system. By downloading them from Docker Hub, administrators can save huge amounts of set-up time. Last July and August one or more people used the Docker Hub account docker123321 to upload three publicly available images that contained surreptitious code for mining cryptocurrencies. In September, a GitHub user complained one of the images contained a backdoor.

    Eight months of inaction

    Neither the Docker Hub account nor the malicious images it submitted were taken down. Over the the coming months, the account went on to submit 14 more malicious images. The submissions were publicly called out two more times, once in January by security firm Sysdig and again in May by security company Fortinet. Eight days after last month's report, Docker Hub finally removed the images. The following image, provided by security firm Kromtech, shows the chronology of the campaign.

    Read 4 remaining paragraphs | Comments

    (@)Dan Goodin

    Published on 14 Jun 2018 at 03:10AM

  • Recent Posts