Security News > 2024 > April > Millions of Docker repos found pushing malware, phishing sites
Three large-scale campaigns targeted Docker Hub users, planting millions of repositories that pushed malware and phishing sites since early 2021.
As JFrog security researchers found, around 20% of the 15 million repositories hosted by Docker Hub contained malicious content, ranging from spam to dangerous malware and phishing sites.
The researchers discovered almost 4.6 million repositories containing no Docker images-which couldn't be run using a Kubernetes cluster or a Docker engine-and linked approximately 2.81 million to three large malicious campaigns.
In addition to the large campaigns, smaller repositories with less than 1000 packages were created in other campaigns, primarily focusing on pushing spam and SEO content.
Docker has since removed all the repositories from Docker Hub.
"Unlike typical attacks targeting developers and organizations directly, the attackers in this case tried to leverage Docker Hub's platform credibility, making it more difficult to identify the phishing and malware installation attempts," JFrog added.