ClickCease 1,650 malicious Docker Hub images found posing securely threats

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

1,650 malicious Docker Hub images found posing securely threats

Obanla Opeyemi

December 7, 2022 - TuxCare expert team

After discovering malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub, security researchers have warned developers of the risks of using shared container images. Cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors are some of the hidden malicious behaviors.

Docker Hub, is a cloud-based container library that allows users to freely search for and download Docker images, as well as upload their creations to the public library or personal repositories. Containers, on the other hand, are simple to deploy and scale across various computing environments, and DevOps teams frequently use publicly available container images shared by others to reduce time-to-market.

It should be noted that Docker Hub is the most popular free container registry, and Docker images are templates for quickly and easily creating containers with ready-to-use code and applications. As a result, those looking to start new instances frequently use Docker Hub to find an easily deployable application.

According to a Sysdig report, cryptominers accounted for the greatest number of malicious images, followed by images containing embedded secrets such as SSH keys, Amazon Web Services credentials, GitHub tokens, and NPM tokens. According to Sysdig researchers, the injection of embedded secrets on public images could be accidental or intentional.

“By embedding an SSH key or an API key into the container, the attacker can gain access once the container is deployed… For instance, uploading a public key to a remote server allows the owners of the corresponding private key to open a shell and run commands via SSH, similar to implanting a backdoor,” Sysdig said. It goes on to say that threat actors are hiding malware in legitimate-looking Docker Hub images. Despite the fact that the number of malicious containers discovered was a small percentage of the 250,000 examined during the research, it demonstrates the potential risk to developers. Furthermore, the methods described by Sysdig are specifically targeted at cloud and container workloads.

Typosquatting has also been used to disguise cryptominer-laced images as trusted images. The security risk posed by Docker Hub images is only expected to grow as the platform’s use of public repository-based images grows.

The sources for this piece include an article in BleepingComputer.

Watch this news on our Youtube channel: https://www.youtube.com/watch?v=KCXufqB4_qI

Summary
1,650 malicious Docker Hub images found posing securely threats
Article Name
1,650 malicious Docker Hub images found posing securely threats
Description
Security researchers discover malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023