JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

From jfrog.com

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats.

In former publications, we have discussed some of the malware packages we found on the NPMPyPI and NuGet registries by continuously scanning all major public repositories. In this blog post, we reveal three large-scale malware campaigns we’ve recently discovered, targeting Docker Hub, that planted millions of  “imageless” repositories with malicious metadata. These are repositories that do not contain container images (and as such cannot be run in a Docker engine or Kubernetes cluster) but instead contain metadata that is malicious.

Read more…