Palo Alto Networks threat intelligence team Unit 42 researchers recently discovered that multiple container images on Docker Hub were hijacked by mining software for at least two years. The images have been around for a long time and have been downloaded more than 20 million times. Docker Hub is the largest repository of container applications, through which enterprises can share images internally or with their customers, and where the developer community can distribute open source projects.

Unit 42 researcher Aviv Sasson found 30 malicious images on Docker Hub that took part in cryptocurrency mining hijacking (cryptojacking) operations:

021982/155_138
021982/66_42_53_57
021982/66_42_93_164
021982/xmrig
021982/xmrig1
021982/xmrig2
021982/xmrig3
021982/xmrig4
021982/xmrig5
021982/xmrig6
021982/xmrig7
avfinder/gmdr
avfinder/mdadmd
docheck/ax
docheck/health
dockerxmrig/proxy1
dockerxmrig/proxy2
ggcloud1/ggcloud
ggcloud2/ggcloud
kblockd/kblockd
osekugatty/picture124
osekugatty/picture128
tempsbro/tempsbro
tempsbro/tempsbro1
toradmanfrom/toradmanfrom
toradmanfrom/toradmanfrom1
xmrigdocker/docker2
xmrigdocker/docker3
xmrigdocker/xmrig
zenidine/nizadam

The researchers found that they came from 10 different user accounts. Some of the names clearly reveal their purpose, while others are misleading, such as "proxy", "ggcloud" or "docker". At the time of writing, the images of all accounts were still available on Docker Hub, except for one account named xmrigdocker, which had deleted its image files.

In most cases the hijackers chose to mine Monero, and XMRig is the most popular Monero mining tool. However, Sasson found that some operations also mined Grin (GRIN) or ARO (Aronium) coins. After examining mining pool data, the researchers estimated that in this container cryptojacking campaign the attackers were able to mine about $200,000 worth of cryptocurrency.

[This article is an original piece by columnist 安安牛; reprinting requires authorization from 安安牛 (WeChat official account id: gooann-sectv).]
