Docker deletes 17 malicious container images
A recent report released by a German security company pointed out that the popular container platform Docker had 17 malicious container images containing mining and backdoor programs.
These malicious containers carrying backdoors all come from an account named Docker123321, and these containers have accumulated more than 5 million downloads.
Docker has officially removed these container images after receiving the report. Developers should also check whether they are using any container image that carries the backdoor.
After analysis, the security company found that most of these container images deploy a mining process that runs in the background. These mining programs have so far received 544 Monero coins.
At the market price, this Monero is equivalent to $90,000, and such a high level of income is naturally related to the 5 million cumulative downloads.
At the same time, some container images contain both the mining program and the backdoor program. The attacker can directly control the container through the backdoor program to steal data.
In the past year, many developers complained about this on social networks; although they were not aware of the existence of backdoors, they noticed that their resources were being occupied.
Developers are advised to check whether any of the following containers are in use:
| Containers with mining and backdoor programs | | |
| --- | --- | --- |
| Docker123321/tomcat | Docker123321/kk | Docker123321/mysql0 |
| Docker123321/tomcat11 | Docker123321/mysql | Docker123321/cron |
| Docker123321/tomcat22 | Docker123321/data | Docker123321/cronm |
| Docker123321/cronnn | Docker123321/t1 | Docker123321/t2 |
| Docker123321/mysql2 | Docker123321/mysql3 | Docker123321/mysql4 |
| Docker123321/mysql5 | Docker123321/mysql6 | |
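
One way to run the check advised above, as an added example that is not part of the original report: a small POSIX shell filter that reads image references and flags the 17 repositories listed on this page. The function names `normalize_ref` and `scan_refs` are hypothetical, and comparing names in lowercase is an assumption based on Docker requiring lowercase repository names.

```shell
#!/bin/sh
# Account and repository names taken from the list on this page, lowercased.
ACCOUNT="docker123321"
FLAGGED="tomcat kk mysql0 tomcat11 mysql cron tomcat22 data cronm cronnn t1 t2 mysql2 mysql3 mysql4 mysql5 mysql6"

# normalize_ref (hypothetical helper): reduce an image reference such as
# "docker.io/Docker123321/mysql:5.7@sha256:..." to "docker123321/mysql".
normalize_ref() {
    ref=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    ref=${ref%%@*}                      # drop a trailing @sha256:... digest
    case "$ref" in                      # drop explicit Docker Hub host prefixes
        docker.io/*|index.docker.io/*|registry-1.docker.io/*) ref=${ref#*/} ;;
    esac
    last=${ref##*/}                     # a tag can only follow the last path component
    case "$last" in *:*) ref=${ref%:*} ;; esac
    printf '%s\n' "$ref"
}

# scan_refs (hypothetical helper): read one image reference per line on stdin
# and print "FLAGGED <original reference>" for every match against the list.
# Copies re-pushed to another registry host are not matched.
scan_refs() {
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        norm=$(normalize_ref "$line")
        for repo in $FLAGGED; do
            if [ "$norm" = "$ACCOUNT/$repo" ]; then
                printf 'FLAGGED %s\n' "$line"
                break
            fi
        done
    done
}

# Typical inputs on a Docker host:
#   docker images --format '{{.Repository}}:{{.Tag}}' | scan_refs
#   docker ps -a --format '{{.Image}}' | scan_refs
```

The same filter can be fed the `FROM` and `image:` values extracted from Dockerfiles and compose files, since a removed image may still be referenced in build definitions or cached locally.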