Trend Micro Attacks on Cryptomining Docker


In a recent occurrence of events, it is made known that within a Docker container, a malicious payload was encountered; the payload was specifically designed to escape from a privileged container in a way that would allow malware to infect all the workloads running on a host machine.

Many of the attacks found included the manipulation of images of containers to execute malicious functions
Many of the attacks found included the manipulation of images of containers to execute malicious functions
Key Facts
  1. 1

    In 2013, Docker Inc. was founded to support a commercial edition of the software for container management and to be the key supporter of an open-source version.

  2. 2

    A 2019 survey shows that 89 percent of software developers agree that microservices are vital for businesses in an ever-changing digital environment to stay competitive. Thus, an increasing number of enterprises and organizations adopting the microservice architecture for simplicity and flexibility.

  3. 3

    Malicious actors are targeting and discovering new ways to compromise containers and cloud environments with popular DevOps technologies.


Cryptocurrency, in the last few months, has been making the headlines in major news updates. However, in both the literature and in the wild, a new cybersecurity attack, where an attacker secretly runs crypto-mining software over the computers of unaware users, is developing. Given the simplicity of running a crypto-client into a target system, this attack, known as cryptojacking, has proved to be very effective.

As many users want much profit from the crypto sphere, unfortunately, threat actors now target docker via container escape features. Docker, an open-source software framework for the development, deployment, and management of virtualized application containers, with an ecosystem of allied resources, on a common operating system (OS).

Any type of crypto-jacking malware used by cybercriminals to suddenly mine digital currency is usually required in most of the compromises involving Docker containers (at least those that have been disclosed). Many IT professionals tend to view these breaches as the digital equivalent of a victimless crime, especially when a cloud service provider belongs to the infrastructure that is compromised.

A wide variety of possible risks to DevOps pipelines have resulted from increased container adoption. Many of the attacks found included the manipulation of images of containers to execute malicious functions. Recently, Prevasio, a start-up in cybersecurity, reported that it has completed the scanning at Docker Hub of 4 million container images. There are critical vulnerabilities in almost 51 percent of the images, and nearly 6,500 of them can be considered malicious.

Prevasio's research indicated that, in particular, the Linux OS and Linux containers were not resistant to safety risks. Almost half of all Docker Hub hosted container images contained one or more critical vulnerabilities and were potentially open to exploitation. There were no disclosed vulnerabilities in just one-fifth of all the images tested by the startup.

Defending against Docker-related threats and attacks is not a herculean task. The discovery of yet another threat that compromises Docker containers should remind development teams to avoid exposing Docker Daemon ports to the public internet. To avoid possible security risks and attacks, development teams should also consider using only official Docker images.

Regrettably, it's more a matter of how and when, rather than whether containerized applications will be compromised. The harm inflicted would hopefully remain relatively minor, but most cybersecurity experts will certainly not bet on it.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …