Article 3S8EE Backdoored images downloaded 5 million times finally removed from Docker Hub

Backdoored images downloaded 5 million times finally removed from Docker Hub

by
Dan Goodin
from Ars Technica on (#3S8EE)
skull-and-crossbones.png

Enlarge (credit: Oren neu dag / Wikimedia)

A single person or group may have made as much as $90,000 over 10 months by spreading 17 malicious images that were downloaded more than 5 million times from Docker Hub, researchers said Wednesday. The repository finally removed the submissions in May, more than eight months after receiving the first complaint.

Docker images are packages that typically include a pre-configured application running on top of an operating system. By downloading them from Docker Hub, administrators can save huge amounts of set-up time. Last July and August one or more people used the Docker Hub account docker123321 to upload three publicly available images that contained surreptitious code for mining cryptocurrencies. In September, a GitHub user complained one of the images contained a backdoor.

Eight months of inaction

Neither the Docker Hub account nor the malicious images it submitted were taken down. Over the coming months, the account went on to submit 14 more malicious images. The submissions were publicly called out two more times, once in January by security firm Sysdig and again in May by security company Fortinet. Eight days after last month's report, Docker Hub finally removed the images. The following image, provided by security firm Kromtech, shows the chronology of the campaign.

Read 4 remaining paragraphs | Comments

index?i=E-PnhvcXJDw:DeXY9bximP4:V_sGLiPB index?i=E-PnhvcXJDw:DeXY9bximP4:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica
Feed Link https://arstechnica.com/
Reply 0 comments