Cryptomining attacks are increasing rapidly, attackers use to compromise servers, personal computers, Chrome extensions and web portals to mine cryptocurrencies such as Monero.
A series of malicious crypto jacking files that were stored on Docker Hub, a code repository site, has been downloaded more than 5 million times over the last year, helping a hacker infect countless computers that were used to mine about $90,000 worth of Monero, according to research from cyber security company Kromtech.
Docker Hub is an open platform for application developers and system admins to pack, ship and run application anywhere, it was initially released in March 2013.
Monero is a popular cryptocurrency that’s become known for its usage among cyber criminals.
In a blog post published Tuesday, Kromtech discussed how the boobytrapped files had remained on Docker Hub for so long despite being noticed and reported multiple times.
According to Kromtech, On May 10th Docker hud deleted a docker registry “docker123321” which contain’s 17 malicious docker images, about a week after Fortinet published its report. But it had been at least eight months since people first started reporting the malicious images.
The files, once downloaded by victims from Docker Hub, will run scripts that give the attacker persistent access to the victim’s server, allowing them to run whatever code they want. In this case, the focus was on mining Monero using the victims’ computing power.
Kromtech says that a Monero wallet address linked to the attackers managed to collected upwards of 544 units of Monero, worth roughly$90,000.
While the images have now been removed from Docker Hub, but they could potentially still be exploiting other servers of victims that already accessed them.
Kromtech warns users to vet images befor pulling them, given how easily hackers, in this case, were able to exploit victims.
In February, Tesla was revealed to have fallen victim to a crypto jacking scheme through Kubernetes, another tool uses to configure containerized applications.