Researchers from Palo Alto Networks’ Unit 42 research group have discovered 30 images on Docker Hub with embedded cryptominers. While most of these images carried XMRig for Monero mining, Arionum and Grin were also used. In the past, Docker Hub has been used as a central source for images disguised as legitimate applications to hide malware, including cryptominers. According to Palo Alto, the 30 infected images had over 20 million downloads between them, which accumulated about $200,000 for the threat actors controlling the Monero wallets.