Docker Hub is used by hackers to spread Cryptojacking malware
Docker is becoming increasingly popular with developers as a way to package services and deploy software applications. As a result, black-hat hackers have focused their attacks on exposed Docker API endpoints to create infected Docker Images. From there, hackers can launch DDoS attacks and run unauthorized cryptocurrency mining applications on the victim's system.
As reported by Palo Alto Networks Unit 42, a cyber security threat research team, hackers make a profit by deploying cryptocurrency mining software using Docker Containers. Moreover, they take advantage of the Docker Hub repository itself to spread malicious Docker Images.

Unit 42 reports: "The Docker Container is a convenient method, which makes it easier for programmers to package the software, so more and more programmers use it. Therefore, hackers easily distribute exploit software mining cryptocurrency to machines with Docker software. Immediately, the victim's system will be used to illegally mine cryptocurrency."
Docker is a well-known platform-as-a-service (PaaS) solution for Linux and Windows, allowing developers to deploy, test and package their applications in virtualized environments. This helps applications operate separately from the server system that hosts them.
In the "azurenql" account, which has now been removed from Docker Hub, researchers discovered 8 Docker Images containing malicious code capable of mining the Monero cryptocurrency. The author of this malicious code uses a Python script to activate the cryptocurrency mining malware and uses anonymizing network tools such as ProxyChains and Tor to avoid being detected.

Since their launch in October 2019, the Docker Images of the "azurenql" account have conducted virtual currency mining more than 2 million times. In one of the e-wallets associated with this campaign, researchers found virtual money worth $36,000 (838 million).
DDoS attack
Not only that, in a recent scan, Trend Micro researchers discovered that unprotected Docker servers are being attacked by at least two malware families, XOR DDoS and Kaiji. This malware collects the victim's system information and performs DDoS attacks.
The researchers stated: "Hackers often use botnets to perform brute-force attacks after scanning for Secure Shell (SSH) and Telnet ports left open. Now, hackers are also looking for Docker hosts with port 2375 unprotected."
Although they use different methods of DDoS attack, both XOR DDoS and Kaiji collect data such as the domain name, network speed, identifiers of running processes and information about the system's CPU. All of this is necessary information for DDoS campaigns.
Experts recommend that users and businesses using Docker should immediately check if their API endpoints are exposed on the internet. In addition, you need to close all ports on the Docker server as well as enforce the highest level of security measures for the entire system.