Cyber-criminals have gotten lucky again, making around 90 thousand dollars by spreading 17 malicious images via the website Docker Hub. The website's administrators deleted the malicious images 8 months after the first reports started coming out.
Docker Hub images are packages that usually bundle software prepared and configured in advance, running on top of a computer's operating system. They can be downloaded from Docker Hub, saving administrators a huge amount of time that would otherwise be spent on changing settings.
How Did The Docker Hub Hack Happen?
During July and August, a cyber-criminal or a group of cyber-criminals used Docker Hub's records to upload images that were available for free download. These images carried embedded scripts containing cryptocurrency miner viruses. In September, one of the website's users filed a report about one of the 17 uploaded images, which set off a series of events that led to the discovery of all of the images, which were then deleted.
In January, the problem was publicly announced by the company Sysdig, and in May it reached Fortinet. Docker Hub decided to delete the malicious images, which were in fact installing a Monero miner script. But it was too late, because the malware had been downloaded by around 5 million machines. The researchers started tracking how much money was mined as a result of this malware and established that over 545 Monero tokens were mined, which at this point amounts to around $90,000 USD.
Researchers have also warned that a lot of servers can still be compromised, since deleting the images cannot guarantee that the malware will stop functioning. This is the first time we have seen coin miner viruses being employed on the central servers of companies, and it confirms that cryptocurrency miners are a serious threat that needs to be addressed with counter-measures similar to those used against ransomware.
N.B. If you have downloaded images from Docker Hub, we advise that you check your PC for any malware that may reside in it, preferably by running an anti-malware scan.
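Because removing an image from Docker Hub does not remove copies already pulled to a host, local images are worth auditing directly. The following is an added example, not code from the article or from Docker: it scans the JSON printed by `docker image inspect` for common coin-miner indicators in each image's entrypoint, command and environment. The indicator list, the sample JSON and the image names are constructed assumptions.

```python
import json
import re

# Assumed indicator list (not from the article): traits common to CPU coin miners.
INDICATORS = {
    "stratum_url": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "miner_binary": re.compile(r"\b(?:xmrig|minerd|cpuminer|xmr-stak)\b", re.I),
    "cryptonight_algo": re.compile(r"cryptonight", re.I),
}

# Constructed sample shaped like `docker image inspect` output (two images).
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["example/webapp:latest"],
     "Config": {"Entrypoint": None, "Cmd": ["nginx", "-g", "daemon off;"],
                "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/bin"]}},
    {"RepoTags": ["example/tooling:latest"],
     "Config": {"Entrypoint": ["/bin/sh", "-c"],
                "Cmd": ["/usr/local/bin/xmrig -o stratum+tcp://pool.example.invalid:3333"
                        " -u WALLET_PLACEHOLDER -a cryptonight"],
                "Env": ["PATH=/usr/local/bin:/usr/bin"]}},
])


def config_strings(image):
    """Yield (field, value) for every string in Entrypoint, Cmd and Env."""
    cfg = image.get("Config") or {}
    for field in ("Entrypoint", "Cmd", "Env"):
        for value in cfg.get(field) or []:  # these fields may be null
            yield field, value


def audit_images(inspect_json):
    """Return {image name: sorted 'Field:indicator' hits} for flagged images."""
    findings = {}
    for image in json.loads(inspect_json):
        name = (image.get("RepoTags") or [image.get("Id", "<unknown>")])[0]
        hits = {f"{field}:{label}"
                for field, value in config_strings(image)
                for label, rx in INDICATORS.items() if rx.search(value)}
        if hits:
            findings[name] = sorted(hits)
    return findings


if __name__ == "__main__":
    # Real input: docker image inspect $(docker image ls -q) > images.json
    for name, hits in audit_images(SAMPLE_INSPECT).items():
        print(f"SUSPICIOUS {name}: {', '.join(hits)}")
```

A clean result only means the image configuration shows no indicator; a miner fetched at runtime by a script inside the image would not appear here, so running containers and their processes still need review.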