17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub (bleepingcomputer.com)
An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPI. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.
I have always been too picky to trust people's images; if there's something I want to use I will build it myself and store it on my private Docker repo. Building your business on something anyone can just upload or change seems dangerous. I started to wonder if the extra work really made sense; apparently yes.
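The practice the comment above describes (build from known bases, keep the result in a registry you control) only holds up if the Dockerfiles themselves never reach back to an untrusted registry by a mutable tag. The script below is an added example, not code from the article or the commenter: it audits the `FROM` lines of a Dockerfile and flags any base image that is not pinned to a `sha256` digest or that comes from a registry outside an allow-list. The registry hostname `registry.internal.example`, the sample Dockerfile and the digest value in it are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumption for this example: the only registry we trust is our own private
# one (hypothetical hostname). Anything else, including docker.io, is flagged.
ALLOWED_REGISTRIES: Set[str] = {"registry.internal.example"}

# Matches "FROM [--platform=...] <image> [AS <alias>]". ARG-substituted
# references (FROM ${BASE}) are deliberately not resolved here.
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split an image reference into registry, repository, tag and digest,
    applying Docker's defaults: no registry means docker.io, and a bare
    single-component name lives under library/."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    # The first path component is a registry only if it looks like a host.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, rest = parts[0], "/".join(parts[1:])
    else:
        registry, rest = "docker.io", ref
        if "/" not in rest:
            rest = "library/" + rest
    tag = None
    # A tag is the text after the last ':' that comes after the last '/'
    # (so a registry port such as localhost:5000 is not mistaken for a tag).
    last_slash, colon = rest.rfind("/"), rest.rfind(":")
    if colon > last_slash:
        tag, rest = rest[colon + 1:], rest[:colon]
    return ImageRef(registry, rest, tag, digest)


def audit_dockerfile(text: str) -> List[str]:
    """Return one finding per policy violation in the FROM lines of a Dockerfile."""
    findings: List[str] = []
    stages: Set[str] = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if ref in stages or ref == "scratch":
            # Referencing an earlier build stage or the empty image: no pull happens.
            if m.group("alias"):
                stages.add(m.group("alias"))
            continue
        if m.group("alias"):
            stages.add(m.group("alias"))
        img = parse_image_ref(ref)
        if img.registry not in ALLOWED_REGISTRIES:
            findings.append(f"line {lineno}: {ref} comes from {img.registry}, not an allowed registry")
        if img.digest is None:
            findings.append(f"line {lineno}: {ref} is not pinned to a sha256 digest")
        elif not DIGEST_RE.fullmatch(img.digest):
            findings.append(f"line {lineno}: {ref} has a malformed digest")
    return findings


# Constructed sample input. The digest is a placeholder, not a real image digest.
FAKE_DIGEST = "sha256:" + "0123456789abcdef" * 4
SAMPLE_DOCKERFILE = f"""\
FROM node:18 AS build
FROM --platform=linux/amd64 docker.io/library/alpine:3.19
FROM registry.internal.example/base/python:3.12@{FAKE_DIGEST}
FROM build
FROM scratch
"""

if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(finding)
```

On the sample above the first two `FROM` lines each produce two findings (untrusted registry, no digest) while the private-registry line pinned by digest passes; the stage reference and `scratch` are skipped. The digest to pin to is printed by `docker pull` (the `Digest:` line) once you have inspected an image you intend to trust, and a tag plus digest (`python:3.12@sha256:...`) keeps the tag readable while the digest is what actually gets pulled.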