A new cryptojacking worm dubbed Graboid has infected more than 2,000 unsecured Docker Engine (Community Edition) hosts so far. The worm looks to mine the Monero cryptocurrency. The initial malicious Docker image has been downloaded more than 10,000 times, with the worm itself downloading more than 6,500 times, according to Unit 42 researchers. Administrators can spot infections by looking for the presence of an image called gakeaws/nginx in the image build history.
Source: https://threatpost.com/docker-containers-graboid-crypto-worm/149235/