Home » Malwares » News Room » Malicious Docker Hub containers infect cloud images with cryptomining malware

Malicious Docker Hub containers infect cloud images with cryptomining malware

Disclosure: All information on this site is harmless and purely for educational purposes which is why we post only authentic, unbiased information! The affiliate links are really there for discounts for our readers and for us to earn small commissions that help us stay afloat! Thanks!

The public cloud is getting vulnerable day by day. It is now found that the cryptomining malware can be spread through the public cloud images without much effort.

According to a new analysis, almost 30 malicious images in Docker Hub with 20 million downloads spreads cryptomining malware. To your knowledge, Docker Hub is one of the most extensive libraries for container applications. It allows different companies to share images with their customers or with the developer community to distribute open-source projects. 

Aviv Sasson was the person behind this revelation. He was part of the Palo Alto Networks threat intelligence team that discovered the malicious images involved in spreading cryptomining malware.

The security researchers have found that this cryptomining operation generated more than $200,000 revenue for the cyber-crooks. Rather than planting the cryptomining malware through complex campaigns, the hackers put them inside the container images. It is an effective tactic as it reached over 20 million downloads.

The researchers said that they came from ten different accounts. Some accounts’ names indicate their purpose, while others have names that can mislead the person. Such names include docker, proxy, and ggcloud. 

Usually, the hackers’ operation works for Monero cryptocurrency, and for this, XMRig is the most preferred tool to use. After this attack, Sasson concluded that some operations attempted GRIN or Aronium (ARO) cryptocurrency.

 Besides this, Sasson also found tainted containers from 10 different accounts. He thinks piggybacking cryptomining malware inside the container images is lucrative. They are tough to inspect when pulled from any prominent and well-known registries like Docker Hub.

Since 2018, Docker-based cryptomining attacks are on the rise. Sasson explained it is because of the amount of horsepower for mining operations that the cloud can deliver. 

Cryptomining malware poses a significant threat and can cause substantial harm to your business. By implementing a network monitoring system, imparting education, keeping the systems updated, and making great use of ad-blockers, you can minimize the risk of cryptomining malware.


Unlock the power of online security with our in-depth reviews and expert insights. Discover the best VPNs, password managers, and privacy tools to safeguard your digital world.