Millions of Docker Hub Repositories Found Pushing Malware


Almost one-fifth of the repositories on Docker Hub, a popular platform for developers to store and share containerized applications, have been exploited to spread malicious software and phishing scams.

This is a concerning discovery for users who rely on Docker Hub to access and distribute secure software.

This discovery, made by the vigilant security research team at JFrog, highlights the sophisticated strategies employed by cybercriminals to exploit the credibility of Docker Hub’s platform, thereby complicating the detection of phishing and malware deployment attempts.

Docker Hub, a pivotal component of the software development landscape, has been compromised with almost three million malicious repositories, some of which have been active for over three years.

This extensive misuse of the platform calls for enhanced moderation and vigilance to safeguard the integrity of the software ecosystem.

Malicious Docker Hub Containers

JFrog’s security research team has been proactively monitoring open-source software registries as part of its continuous endeavor to fortify the software ecosystem.

Their efforts have previously uncovered malware packages on other major public repositories such as NPM, PyPI, and NuGet. The recent investigation into Docker Hub has unearthed three large-scale malware campaigns that cleverly planted millions of “imageless” repositories.

These repositories, devoid of container images, contain malicious metadata that traps unsuspecting users.

The distribution of these malicious repositories follows distinct patterns. The “Downloader” and “eBook Phishing” campaigns…
