Quote:At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis.
The malicious images (spread across 10 different Docker Hub accounts) have raked in around $200,000 from cryptomining, according to Aviv Sasson, researcher with Palo Alto Networks’ Unit 42, who found and reported the malicious activity.
The most popular cryptocurrency in the instances observed by Sasson was Monero, which accounted for around 90 percent of the activity. Monero not only provides “maximum anonymity,” as Sasson explained in a recent blog posting, due to its hidden transaction paths – but it’s also easier to mine cost-effectively. Monero crypto-operations can run on any machine, unlike, say, Bitcoin, which can require something like a GPU with its better processing speed to mine economically.
In most attacks that mine Monero, the attackers used the well-worn XMRig off-the-shelf miner, Sasson found.
“XMRig is a popular Monero miner and is preferred by attackers because it’s easy to use, efficient and, most importantly, open source,” he explained. “Hence, attackers can modify its code. For example, most Monero cryptominers forcibly donate some percentage of their mining time to the miner’s developers. One common modification attackers make is to change the donation percentage to zero.”
Two other cryptocurrencies were found in the mining pools: Grin, accounting for 6.5 of the activity, and Arionum, accounting for 3.2 percent.
Read more: Malicious Docker Cryptomining Images Rack Up 20M Downloads | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
