Backdoored images downloaded 5 million times finally removed from Docker Hub (ars technica)
Backdoored images downloaded 5 million times finally removed from Docker Hub (ars technica)
[Security] Posted Jun 15, 2018 11:26 UTC (Fri) by corbet
Ars technica has the
story of a set of Docker images containing cryptocurrency miners that
persisted on Docker Hub for the better part of a year — after being
discovered. "Neither the
Docker Hub account nor the malicious images it submitted were taken
down. Over the coming months, the account went on to submit 14 more
malicious images. The submissions were publicly called out two more times,
once in January by security firm Sysdig and again in May by security
company Fortinet. Eight days after last month's report, Docker Hub finally
removed the images.
"