Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
May 2, 2024, 11:13 a.m.
Description
This report details an investigation by JFrog Security researchers into a coordinated attack on Docker Hub, in which millions of malicious repositories were planted to spread malware and phishing scams. It analyzes three major malware campaigns, dubbed 'Downloader', 'eBook Phishing', and 'Website SEO', that exploited Docker Hub's repository documentation feature. The report provides insights into the attackers' tactics, techniques, and infrastructure, and highlights the challenges of moderating open platforms.
Date
- Created: May 1, 2024, 7:59 p.m.
- Published: May 1, 2024, 7:59 p.m.
- Modified: May 2, 2024, 11:13 a.m.
Indicators