Hackers abuse container technology to execute supply chain attacks

Cybercriminals have begun using malicious container images as a way to install cryptominers on enterprise networks, though the same images can also serve as part of a supply chain attack targeting cloud native environments.

The cybersecurity firm Aqua Security uncovered several supply chain attacks that use malicious container images to compromise their victims while its threat research team, Team Nautilus, was performing its daily scan of Docker Hub for malicious activity, according to a new blog post.

The first three container images the research team discovered (thanhtudo, thieunutre and chanquaa) all execute a script called dao.py, written in Python, which was previously used in several campaigns that relied on typosquatting to hide their malicious container images on Docker Hub.

The dao.py script executes a binary called xmrig, which is actually a Monero cryptocurrency miner hidden in one of the layers of the container image.

Malicious container images

Two of the container images (openjdk and golang) discovered by Aqua Security use misleading titles to appear as official container images from OpenJDK and Golang respectively.

The cybercriminals behind this campaign designed them so that a busy user could accidentally mistake them for official container images, even though the Docker Hub accounts publishing them are not official. Once these container images are run, the xmrig binary is executed and hijacks the host's resources for cryptocurrency mining.

Although the first two container images (thanhtudo and thieunutre) are likely intended for use as part of a supply chain attack, the others are used primarily to mine cryptocurrency. Even so, all five malicious container images have together gained over 120,000 pulls from Docker Hub.

To protect your organization and its network from both cryptominers and supply chain attacks, Aqua Security recommends controlling access to public registries, scanning container images for malware using both static and dynamic analysis, and digitally signing container images to maintain image integrity.
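As an added illustration of the first two recommendations (this is example code written for this page, not Aqua Security's tooling), the script below encodes a pull-time policy check: it normalises a Docker-style image reference the way the Docker CLI does, rejects sources outside an allowlist, flags repository names that reuse or closely resemble a Docker Official Image name from a non-official namespace (the openjdk/golang lookalike pattern described above), and flags layer contents that contain a known miner binary such as xmrig. The internal registry name, the official-image list and the sample layer listings are constructed assumptions.

```python
"""Policy check for container image references before they are pulled.

Added example, not Aqua Security's code. It models three mitigations from the
article: restrict pulls to approved registries, flag images whose names mimic
Docker Official Images, and flag layers carrying a known miner binary.
Registry names, the official-image list and the sample inputs are assumed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed internal registry; docker.io/library/* (Docker Official Images) is also trusted.
TRUSTED_REGISTRIES = {"registry.internal.example"}
# Constructed subset of Docker Official Image names that attackers have imitated.
OFFICIAL_IMAGES = {"openjdk", "golang", "python", "node", "alpine"}
# Binary names to flag in a static scan of image layers (xmrig is the miner named above).
SUSPICIOUS_BINARIES = {"xmrig"}


@dataclass(frozen=True)
class ImageRef:
    registry: str
    namespace: str
    repo: str
    tag: str


def parse_image_ref(ref: str) -> ImageRef:
    """Normalise a Docker-style reference as the Docker CLI does.

    'openjdk'                  -> docker.io/library/openjdk:latest
    'user/openjdk:11'          -> docker.io/user/openjdk:11
    'host.example/team/app:1'  -> host.example/team/app:1
    """
    ref = ref.split("@", 1)[0]  # drop any @sha256:... digest; only the name is analysed here
    parts = ref.split("/")
    # The first component is a registry only if it looks like a host (contains '.' or ':' or is localhost).
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    else:
        registry = "docker.io"
    repo, _, tag = parts[-1].partition(":")
    namespace = "/".join(parts[:-1]) or "library"
    return ImageRef(registry, namespace, repo, tag or "latest")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats of official names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def evaluate_image(ref: str, layer_files: list[str]) -> list[str]:
    """Return policy findings for an image reference plus a listing of its layer contents.

    layer_files stands in for the output of a static layer scan (file paths
    extracted from each layer tarball); pass an empty list when none is available.
    """
    img = parse_image_ref(ref)
    findings: list[str] = []
    is_official = img.registry == "docker.io" and img.namespace == "library"
    if not is_official and img.registry not in TRUSTED_REGISTRIES:
        findings.append(f"untrusted source: {img.registry}/{img.namespace}")
    # A non-official namespace reusing or nearly matching an official image name is a lookalike.
    if not is_official:
        for official in sorted(OFFICIAL_IMAGES):
            if edit_distance(img.repo.lower(), official) <= 1:
                findings.append(f"lookalike of official image '{official}': {img.namespace}/{img.repo}")
                break
    for path in layer_files:
        if path.rsplit("/", 1)[-1].lower() in SUSPICIOUS_BINARIES:
            findings.append(f"known miner binary in layer: {path}")
    return findings


if __name__ == "__main__":
    # Constructed samples: a genuine official image, a lookalike published from a
    # personal account whose layer scan found a miner, and a clean internal image.
    samples = {
        "openjdk:17": [],
        "someaccount/openjdk:latest": ["/usr/local/bin/xmrig", "/app/dao.py"],
        "registry.internal.example/team/api:1.4": ["/srv/api"],
    }
    for image, files in samples.items():
        print(image, "->", evaluate_image(image, files) or ["ok"])
```

In practice the `layer_files` argument would be fed from whatever static scanner the organisation runs over pulled layers, and a non-empty findings list would block the pull in CI or an admission controller; the lookalike check deliberately treats a bare official name in a third-party namespace as a finding, since that is exactly how the openjdk and golang images described above presented themselves.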