Security researchers at JFrog have discovered three large-scale campaigns targeting Docker Hub with repositories devoid of container images, instead containing malicious metadata. Docker Hub, a platform for Docker image development, hosts over 15 million repositories and is popular among developers globally. Approximately 3.2 million repositories were found to host malicious content, ranging from spam to malware and phishing sites. JFrog identified over 4.6 million imageless repositories, with about 2.9 million involved in the malicious campaigns, all of which have been removed. These campaigns, identified through spikes in daily repository creation over the past three years, aimed to promote malicious content through attached documentation and metadata, with one campaign featuring trojan-laden repositories promoting pirated content and cheats, another offering free eBook downloads to harvest credit card information, and a third seemingly created as a stress test before launching more malicious activities.
Read more: https://www.securityweek.com/docker-hub-users-targeted-with-imageless-malicious-repositories/