SYSDIG, which develops the same name open tools to analyze the system, Published Results research more than 250 thousand images of Linux containers located in the Docker Hub catalog without a sign of a verified or official image. As a result, 1652 images were classified as harmful.
In 608 images, components for mining cryptocurrencies were identified, in 288, access tokens (in 155 SSH switch, in 146 tokens to AWS, in 134 tokens to GitHub, in 24 tokens for the API NPM) were left. Bypassing of inter -sewn screens through the proxy, recently registered domains appeared in 134, 129 were addressed to sites recognized as malicious.
Some images with cryptocurrency miners used names that include the names of well -known open projects, such as Ubuntu, Golang, Joomla, Liferey and Drupal, or using the Typskvotynt method (purpose of similar names that differ in separate symbols). Of the most popular malicious images, Vibersastra/Ubuntu and Vibersastra/Golang are highlighted, which were loaded more than 10 thousand and 6900 times, respectively.