A new cryptojacking botnet with self-spreading capabilities has infected over 2,000 such Docker deployments so far. The new worm has been dubbed Graboid and was distributed from Docker Hub, a public repository of Docker container images. Attackers uploaded images to Docker Hub with malicious scripts that, when executed, deployed the malware to other insecure servers. Almost 60% of the compromised Docker deployments were hosted in China, 13% in the US, and the rest in other countries. The researchers advise companies to never expose Docker Engine deployments directly to the internet without authentication.”]
Source: https://www.csoonline.com/article/3445861/cryptojacking-worm-infects-exposed-docker-deployments.html