The cloud-focused cryptojacking group TeamTNT is known for targeting Amazon Web Services credential files on compromised cloud systems to mine for the cryptocurrency Monero. The group has been scanning for and compromising Kubernetes clusters in the wild, according to a Trend Micro report. The malicious Docker image was hosted in Docker Hub under the name alpineos, a community user who joined Docker Hub on May 26, 2021. At the time of the research was published, the profile was hosting 25 Docker images. Researchers uncovered 5,400 downloads within approximately two weeks of the image being added.”]
Source: https://www.govinfosecurity.com/teamtnt-deploys-malicious-docker-image-on-docker-hub-a-17766

