DockerHub Miner Virus – Malicious Images Downloaded 5 Million Times

The cyber-criminals have gotten lucky again and have managed to make around 90 thousand dollars as a result of spreading 17 malicious images via the website Docker Hub. The website administrators were able to delete the malicious images after 8 months after the first reports started coming out.

The Docker Hub images are in fact packages which usually include attachments that have been created beforehand, working on top of the Operating System of computers. They can be downloaded from Docker Hub and administrators can save huge amount of time which would otherwise be spent on changing settings.

How Did The Docker Hub Hack Happen?

During the period of July – August, a cyber-criminal or a group of cyber-criminals have used Docker Hub’s records in order to upload images which are available for free download. These images were embedded scripts which contain cryptocurrency miner viruses. During September, one of the users of the website has issued a report for one of the 17 images that were uploaded, which followed series of events which led to the discovery of all of the images which were then deleted.

During January, this problem was publicly announced by the company Sysdig and during May, the problem reached Fortinet. Docker Hub has decided to delete the malicious images which in fact were installing a Monero miner script. But it was too late, because the malware was downloaded by around 5 million machines. The researchers started tracking how much money was mined as a result of this malware and they have established that over 545 Monero tokens were pre-mined, which at this point amounts to a round $90,000 USD.

Researchers have also warned that a lot of servers can still be compromised, since the images deletion cannot guarantee that the malware will continue to function. This is the first time where we see coin miner viruses being employed on central servers of companies and this confirms that cryptocurrency miners are a serious threat and needs to be addressed with similar counter-measures as ransomware.

N.B. If you have downloaded images from Docker Hub, we advise that you check your PC for any malware that may reside in it, preferably by running an anti-malware scan.


Anti-Malware Scanner

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share