Security News > 2020 > June > Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service attacks and mine cryptocurrencies.

According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.

The now taken down Docker Hub account, named "Azurenql," consisted of eight repositories hosting six malicious images capable of mining Monero, a privacy-focused cryptocurrency.

The XOR DDoS malware strain works by searching for hosts with exposed Docker API ports, followed by sending a command to list all the containers hosted on the target server, and subsequently compromising them with the XORDDoS malware.

"While the XOR DDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will house its DDoS malware," the researchers said, noting the difference between the two malware variants.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Hxwxfq3o9s4/cryptocurrency-docker-image.html