Docker Hub images are seen hiding malicious hacking content

December 6, 2022

Recent reports reveal that over 1,600 publicly available Docker Hub images hide malicious content uploaded by threat actors, including backdoors, DNS hijackers, website redirectors, and cryptocurrency miners. Docker Hub is a public repository that allows users to freely upload, download, and search images in cloud-based container libraries, and threat actors have used it for their malicious activities.

Docker Hub images also serve as templates that let users quickly create containers with previously prepared code and applications. Docker Hub has been helpful for users who want to set up new instances and find easily deployable apps.

Over a thousand malicious uploads were spotted in Docker Hub images as threat actors found ways to abuse it.

Analysts stated that threat actors abusing the image library service pose increased risks to unsuspecting users by deploying malware-laden images inside public cloud-based containers. These attackers disguise the images using the names of popular software, projects, or apps that users could easily trust, exposing them to a potential cyberattack.

Moreover, after the threat analysts examined about 250,000 unverified Linux images, they found that 1,652 were infected with malicious content, such as malware and cryptocurrency miners. Crypto miners were the most common finding, present in about 608 of these infected images.

On the other hand, 281 of these images hid embedded secrets from threat actors, including SSH keys, GitHub tokens, AWS credentials, and NPM tokens. It was presumed that the attackers may have unintentionally published the malicious content to millions of users or that they did it on purpose to lure victims.

This year, about 61% of all the images come from public repositories. This rate is about a 15% rise from the 2021 figures, implying a rise in the risks posed to users. The operators of these Docker Hub public libraries cannot fully examine all the images uploaded daily. Therefore, many images that could be hiding malicious content go unreported to the admins.
