A new attack campaign deploys malicious container images on cloud servers by exploiting insecure Docker Engine API endpoints. The malicious image contains a distributed denial-of-service (DDoS) botnet implant written in Python.
“Once a valid endpoint is discovered, it’s trivial to pull a malicious image and launch a container from it to carry out any conceivable objective,” researchers from Cado Security said in a report. “Hosting the malicious container in Dockerhub, Docker’s container image library, streamlines this process even further.”
