Researchers uncovered a campaign in which the cloud-focused cryptojacking group TeamTNT is deploying malicious container images hosted on Docker Hub with an embedded script to download testing tools used for banner grabbing and port scanning. The threat actors scan for targets in the victim's subnet and perform malicious activities using the scanning tools inside the malicious Docker image. The group has been scanning for and compromising Kubernetes clusters in the wild, according to a Trend Micro report. The researchers say, “Another Docker image from the repository, basicxmr, has been downloaded more than 100,000 times.”
Source: https://www.cuinfosecurity.com/teamtnt-deploys-malicious-docker-image-on-docker-hub-a-17766

