Supply Chain Attacks Using Container Images

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

According to cybersecurity firm Aqua Security, a recently discovered crypto mining technique used malicious Docker images to take over companies’ computing resources to mine bitcoin.

The images were published to Docker Hub’s official repository. The researchers discovered five Docker Hub container images that could be utilised in a supply chain attack against cloud-native systems. Developers use Docker, a prominent platform-as-a-service container provider for Linux and Windows devices, to help them build and package apps.

According to Assaf Morag, principal data analyst at Aqua Security, the researchers discovered the infected images during their routine manual examination.

“We regularly share this kind of information with Docker Hub and other public registries or repositories (GitHub, Bitbucket, etc.),” Morag says.

“Based on the information we share with Docker Hub, they conduct their investigation and decide whether or not they close the namespace. In this particular case, they closed these namespaces on the same day we had reached out to them. Docker Hub’s reaction and response time are absolutely amazing.” 

The first three containers discovered by the researchers – thanhtudo, thieunutre, and chanquaa – launch the Python script dao.py, which has been used in various past campaigns to obscure harmful container images in Docker Hub via typosquatting. The other two container images are named openjdk and golang.
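
A defensive check for the naming trick described above, added here as an example and not taken from the article or from Aqua Security: it normalises image references the way Docker Hub resolves them and flags any whose repository name equals or closely resembles an official image name outside the `library` namespace. The `OFFICIAL` allowlist, the `exampleuser` namespace, the distance threshold and the sample references are assumptions; the article does not say which namespaces the images were published under.

```python
# Assumption: a team-maintained list of Docker Official Image names to protect.
OFFICIAL = {"openjdk", "golang", "python", "nginx", "ubuntu"}

def parse_ref(ref):
    """Return (registry, namespace, repo) with Docker Hub defaults applied."""
    name = ref.split("@", 1)[0]                # drop any digest
    if ":" in name.rsplit("/", 1)[-1]:         # drop a tag, not a registry port
        name = name[: name.rfind(":")]
    parts = name.split("/")
    registry = "docker.io"
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    if registry == "docker.io" and len(parts) == 1:
        parts = ["library"] + parts            # bare names resolve to library/<name>
    return registry, "/".join(parts[:-1]), parts[-1]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ref, max_distance=2):
    registry, namespace, repo = parse_ref(ref)
    if registry != "docker.io":
        return "other-registry"
    if repo in OFFICIAL:
        return "official" if namespace == "library" else "impersonates-official"
    if any(edit_distance(repo, name) <= max_distance for name in OFFICIAL):
        return "lookalike"
    return "review"

# Constructed sample references; "exampleuser" is a placeholder namespace.
SAMPLE = ["golang:1.21", "docker.io/library/openjdk:17", "exampleuser/openjdk:latest",
          "exampleuser/golnag", "registry.example.com/team/golang:1.21", "exampleuser/webapp"]

def audit(refs):
    """Map every reference that is not a known official image to its verdict."""
    return {r: classify(r) for r in refs if classify(r) != "official"}

if __name__ == "__main__":
    for ref, verdict in audit(SAMPLE).items():
        print(f"{verdict:22} {ref}")
```

Run over the image references collected from Dockerfiles, Compose files or Kubernetes manifests, the non-official verdicts give a short review list before anything is pulled.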
