Docker Hub deleted 17 images that contains cryptocurrencies mining malware. The identity of the owner or the owners of the account “docker123321” associated with the uploaded images is unknown.
Investigations made by the company determines that images were uploaded in August 2017, until the moment of them were eliminated, they obtained 5 million of downloaded images. An estimation about the profit obtained by the authors is about 90.000 dollars in Monero cryptocurrency.
Docker Hub alerts users to check that they are not using an infected image and that malware can continue to run even after administrators believe they have removed the malicious image. They have also published the names of the 17 compromised packages.