A novel attack vector allows adversaries to abuse the Docker API to hide malware and even execute code remotely. The attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher with Aqua Security. The attack is multistage. Step one involves luring a developer running Docker for Windows to an attacker-controlled webpage that hosts specially crafted JavaScript. The JavaScript is able to bypass the browser's Same Origin Policy, a data protection feature found in modern browsers.
Source: https://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-malware/126992/

