Sketchy Crypto-mining Containers Removed from Docker Repository

In case you haven’t heard, Docker is shaping up to be one of the most disruptive technologies to date that are currently at our disposal. And it’s deemed as such rightly so. It has the potential to completely replace virtual machines because it’s incredibly self-sustaining, resource-efficient, and openly compatible across a wide variety of computer systems.

If you aren’t familiar with containerism, then we’ll give you the quick and simple version. See, the use of virtual machines is the current trend, because virtual machines allow for the optimal utilization of the power of a computer system.

Prior to the use of virtual machines, systems were limited to running a single process for fear that running two processes simultaneously would lead to a metaphorical tug-of-war for resources between the two processes. This would lead to crashes, of course. That used to be a serious issue because computer systems weren’t used efficiently; often, only half of the computer’s capabilities were utilized.

Virtual machines granted the ability to run multiple processes simultaneously without the risk of these processes taking resources from each other. You can say that these processes are ”quarantined” from each other, resource-wise.

Now, containers such as Docker run on the same principle as virtual machines, but to a higher degree. While processes are quarantined in virtual machines, in containerism each program (we’ll refer to this as images from here on) comes packaged with the resources required to run it. This ensures that the image can run on any system, because it already comes with the components to make it function.

These are, however, a few additional advantages from using Docker.

Now, about a few months ago, security companies Fortinet and Kromtech exposed a total of 17 Docker images that were tampered with. These Docker images were found to contain Monero Miners, which rob users of computing power in order to mine cryptocurrency.

Further investigation found that as a collective, the 17 images were downloaded at least 5 million times. This suggests that the instigators were able to inject scripts into vulnerable containers.

These tainted images were found on the Docker repository, Docker Hub. Of course, this presents a worrisome problem that exploits have been found this early. Fortunately, the images have since been removed from the repository, though it’s clear that the crypto criminals might have gotten away with as much as $90,000 from the scheme.

While I do agree that it’s a paltry amount when compared to what other unscrupulous users gain, the mere fact that they were able to tamper with images is worrying. There’s an arms race between criminals and proper users, and this has rung true for every piece of technology out there.

This is why it’s incredibly important to opt for Pro Docker Training programs to help you not only learn how to use this new tech, but to also teach you how to create and utilize secure Docker images. It’s becoming very clear that Docker is the future. Remember that time when cell phones weren’t a thing? Well, Docker is that type of technology — disruptive.

Tags : Containerscrypto-miningDocker Repositoryremoved
Payel Dutta

The author Payel Dutta

Happy soul, fond of travelling and loves to read tech columns.

Leave a Response