Slashdot Mirror


17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub (bleepingcomputer.com)

An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPI. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.

2 of 36 comments

  1. Unbelievable by Ozan · Score: 3, Informative
    Using Docker in production, my heart skipped a beat when I read the headline. But then...

    All 17 images were uploaded on the Docker Hub portal by the same person/group, using the pseudonym of "docker123321."

    WHO THE FUCK pulls an image called docker123321/tomcat22?

  2. Re:So you are saying ... by sjames · Score: 3, Informative

    That depends on the container, but yes. The spec of a container can include direct access to host resources, including directories, or not. Adding to the fun, if you grant a user sufficient access to docker to run their own images, you have effectively granted them root.