At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware. The most popular cryptocurrency in the instances observed by Aviv Sasson was Monero, which accounted for around 90 percent of the activity. Monero provides maximum anonymity, due to its hidden transaction paths but it s also easier to mine cost-effectively. The adversaries behind the malicious images have applied tags to them, which are used to reference different versions of the same image.
Source: https://threatpost.com/malicious-docker-cryptomining-images/165120/