科技回声 (Tech Echo)

A technology news platform built on Next.js, carrying global tech news and discussion (a HackerNews mirror).

© 2025 科技回声. All rights reserved.

Backdoored images downloaded 5M times removed from Docker Hub

283 points, posted by fn1, almost 7 years ago

17 comments

zimmerfrei, almost 7 years ago
On the same topic, PyPI has recently moved to a new backend, and in the process all end-to-end PGP signatures (created by the package owner upstream, proving that no tampering happened on the online servers) have disappeared from the UI, and that is seen as a "feature":

https://github.com/pypa/warehouse/issues/3356

You can still get them through some obscure API and you still need to know the right PGP key for verification, but this really signals the lack of consensus and awareness on the path toward a secure software supply chain.

EDIT: typos
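How a client can still locate and verify the signatures zimmerfrei is talking about, as an added example that is not code from the thread, from PyPI or from pypa/warehouse. It assumes a repository that serves PEP 503 simple-index pages, where a file link carrying data-gpg-sig="true" has its detached signature at the same URL with ".asc" appended, and it pins the maintainer's key by verifying against a dedicated keyring rather than whatever happens to be imported. The index HTML, base URL, keyring path and fingerprint are constructed placeholders.

```python
"""Find and verify PEP 503 detached PGP signatures for a PyPI distribution.
Added example, not code from the thread, PyPI or pypa/warehouse. Assumes a
PEP 503 simple index: a link with data-gpg-sig="true" has its detached
signature at <file URL> + ".asc". All inputs below are constructed."""
import hashlib
import subprocess
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urldefrag, urljoin


@dataclass
class IndexFile:
    filename: str
    url: str
    sha256: Optional[str]   # from the "#sha256=<hex>" URL fragment, if present
    sig_url: Optional[str]  # url + ".asc" when the link says data-gpg-sig="true"


class SimpleIndexParser(HTMLParser):
    """Collects the <a> links of a PEP 503 project page."""

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.files: List[IndexFile] = []
        self._current: Optional[IndexFile] = None

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)
        if not a.get("href"):
            return
        url, fragment = urldefrag(urljoin(self.base_url, a["href"]))
        digest = fragment[len("sha256="):] if fragment.startswith("sha256=") else None
        signed = (a.get("data-gpg-sig") or "false").lower() == "true"
        self._current = IndexFile("", url, digest, url + ".asc" if signed else None)

    def handle_data(self, data):
        if self._current is not None and data.strip():
            self._current.filename += data.strip()

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.files.append(self._current)
            self._current = None


def parse_simple_index(html: str, base_url: str) -> List[IndexFile]:
    parser = SimpleIndexParser(base_url)
    parser.feed(html)
    parser.close()
    return parser.files


def sha256_matches(artifact: bytes, expected_hex: Optional[str]) -> bool:
    """Integrity only: the index hash catches a corrupted download, not a
    compromised index. That is what the upstream PGP signature is for."""
    return expected_hex is not None and hashlib.sha256(artifact).hexdigest() == expected_hex.lower()


def verify_detached_signature(artifact_path: str, sig_path: str,
                              keyring_path: str, expected_fingerprint: str) -> bool:
    """Run gpg against a dedicated keyring holding only the maintainer's key and
    accept only a VALIDSIG status line naming that exact fingerprint. A plain
    "Good signature" would accept any key that happens to be in the keyring."""
    want = expected_fingerprint.replace(" ", "").upper()
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring_path,
         "--status-fd", "1", "--verify", sig_path, artifact_path],
        capture_output=True, text=True)
    for line in proc.stdout.splitlines():
        # Status format: [GNUPG:] VALIDSIG <signing-key-fpr> ... <primary-key-fpr>
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            return want in (parts[2].upper(), parts[-1].upper())
    return False


# Constructed project page for a package called "example". The sha256 value is
# the digest of an empty file, used here only as a placeholder.
BASE_URL = "https://pypi.example/simple/example/"
CONSTRUCTED_INDEX = """<!DOCTYPE html><html><body>
<a href="../../packages/aa/bb/example-1.0.0.tar.gz#sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" data-gpg-sig="true">example-1.0.0.tar.gz</a><br/>
<a href="../../packages/cc/dd/example-1.0.0-py3-none-any.whl" data-gpg-sig="false">example-1.0.0-py3-none-any.whl</a><br/>
</body></html>"""


if __name__ == "__main__":
    for f in parse_simple_index(CONSTRUCTED_INDEX, BASE_URL):
        print(f.filename, "signature:", f.sig_url or "none published")
```

The point of the dedicated keyring is the second half of the comment: knowing where the .asc lives is useless unless you also decide in advance which key is allowed to have produced it. Fetch the key out of band once, import it into a keyring used for nothing else, and pass that keyring's path plus the expected fingerprint to verify_detached_signature.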
TekMol, almost 7 years ago
I wonder how much malicious code like this is doing its work deep down in the endless pyramid of npm dependencies.

And how much as-of-now clean code will turn into malicious code when bad guys take over npm repos in the future.

It might be possible to tackle this issue by some intelligent trust algo that combines a trust rank similar to google-page-rank and signed messages.

Say somebody pushes an update to their repo. Now the first user of it might read it and sign it with 'Looks OK /Joe'. And the next user sees the signed message by Joe in some kind of package-review-message list. Based on all the reviews and the trust of the reviewers, they then can calculate a trust score for the update.
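The scheme TekMol sketches, carried through as an added worked example (not code from the thread or from any real registry): reviewers publish signed verdicts on an update, and a reader weights each verdict by the reviewer's standing in a "who vouches for whom" graph ranked PageRank-style, personalized to the identities the reader trusts directly so that a ring of sock puppets vouching for each other gets no weight. The graph, keys and reviews are constructed; HMAC-SHA256 stands in for a public-key signature so the block runs on the standard library alone.

```python
"""Trust-weighted scoring of signed package reviews.

Added worked example of the scheme sketched in the comment above; not code
from any real registry. Graph, keys and reviews are constructed. HMAC-SHA256
stands in for a public-key signature so this runs on the standard library; a
deployment would use e.g. Ed25519 so verifying needs only the public key."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Review:
    reviewer: str
    package: str
    version: str
    verdict: str    # "ok" or "bad"
    signature: str  # hex MAC over canonical_message(...)


def canonical_message(reviewer: str, package: str, version: str, verdict: str) -> bytes:
    # Fixed field order and a separator no field may contain, so a signature over
    # one (package, version, verdict) cannot be replayed against another.
    return "\n".join([reviewer, package, version, verdict]).encode()


def sign_review(key: bytes, reviewer: str, package: str, version: str, verdict: str) -> Review:
    mac = hmac.new(key, canonical_message(reviewer, package, version, verdict), hashlib.sha256)
    return Review(reviewer, package, version, verdict, mac.hexdigest())


def verify_review(review: Review, key: Optional[bytes]) -> bool:
    if key is None:  # reviewer unknown to us: nothing to verify against
        return False
    msg = canonical_message(review.reviewer, review.package, review.version, review.verdict)
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, review.signature)


def trust_rank(edges: Dict[str, List[str]], seeds: List[str],
               damping: float = 0.85, iterations: int = 100) -> Dict[str, float]:
    """Personalized PageRank over "A vouches for B" edges.

    Teleport mass goes only to `seeds`, the identities the local user trusts
    directly, so a cluster that only vouches for itself and is never vouched
    for from the seeds' side of the graph ends up with zero rank."""
    nodes = sorted(set(edges) | {t for ts in edges.values() for t in ts})
    teleport = {v: (1.0 / len(seeds) if v in seeds else 0.0) for v in nodes}
    rank = dict(teleport)
    for _ in range(iterations):
        new = {v: (1.0 - damping) * teleport[v] for v in nodes}
        for src in nodes:
            targets = edges.get(src, [])
            if not targets:  # dangling node: hand its mass back along the teleport vector
                for v in nodes:
                    new[v] += damping * rank[src] * teleport[v]
                continue
            share = damping * rank[src] / len(targets)
            for t in targets:
                new[t] += share
        rank = new
    return rank


def update_score(reviews: List[Review], keys: Dict[str, bytes], rank: Dict[str, float],
                 package: str, version: str) -> float:
    """Sum of reviewer ranks, positive for "ok" and negative otherwise.
    Unverifiable reviews and repeat votes from one reviewer count nothing."""
    score, voted = 0.0, set()
    for r in reviews:
        if (r.package, r.version) != (package, version) or r.reviewer in voted:
            continue
        if not verify_review(r, keys.get(r.reviewer)):
            continue
        voted.add(r.reviewer)
        weight = rank.get(r.reviewer, 0.0)
        score += weight if r.verdict == "ok" else -weight
    return score


# Constructed data: alice is the local user's seed; mallory and mallory2 only vouch for each other.
TRUST_EDGES = {"alice": ["joe", "bob"], "bob": ["joe"], "joe": ["alice"],
               "mallory": ["mallory2"], "mallory2": ["mallory"]}
KEYS = {name: f"{name}-secret".encode() for name in TRUST_EDGES}
REVIEWS = [
    sign_review(KEYS["joe"], "joe", "examplepkg", "1.0.1", "ok"),
    sign_review(KEYS["bob"], "bob", "examplepkg", "1.0.1", "ok"),
    sign_review(KEYS["mallory"], "mallory", "examplepkg", "1.0.2", "ok"),
    sign_review(KEYS["mallory2"], "mallory2", "examplepkg", "1.0.2", "ok"),
    sign_review(KEYS["joe"], "joe", "examplepkg", "1.0.2", "bad"),
    sign_review(b"not-joes-key", "joe", "examplepkg", "1.0.3", "ok"),  # forged
]


def demo() -> Dict[str, float]:
    rank = trust_rank(TRUST_EDGES, seeds=["alice"])
    return {v: update_score(REVIEWS, KEYS, rank, "examplepkg", v) for v in ("1.0.1", "1.0.2", "1.0.3")}


if __name__ == "__main__":
    print(demo())
```

Two design points matter more than the ranking arithmetic. The signed message must bind the verdict to the exact artifact, ideally by content hash rather than by version string, or a re-uploaded tarball inherits the reviews of the one that was actually read. And the teleport set must be the reader's own, not a global default, because a global "trusted" list is exactly the thing an attacker who takes over a popular account already controls.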
fpgaminer, almost 7 years ago
Somewhat related, since this is about Docker security: I started looking at Traefik today. It's a reverse proxy that runs as a Docker container and automagically configures itself to expose your other services (that are also running in Docker containers).

Neat idea. However, to accomplish this you have to mount the docker socket into Traefik's container...

Which means that when a bug shows up in Traefik attackers can pivot out of the container and onto the host; access to the docker socket is equivalent to root on the host.

And of course Traefik is the thing you're exposing directly to the internet.

It's like giving the guards outside manning your castle's gate the skeleton key to the rest of the castle.

Of course, Traefik is quickly becoming popular because of its simplicity. But to achieve this simplicity it carves a giant hole in the security of your application.
LeoPanthera, almost 7 years ago
This bug: https://github.com/docker/hub-feedback/issues/1121

raised over a year ago(!) is really interesting. It seems like many of the downloads may have been malicious - the author of the malicious images was scanning for open docker api ports and then installing their own images to mine cryptocurrency.

So they're essentially using docker as a dropper. Clever, in a way.
bboreham, almost 7 years ago
In what sense is this a “backdoor”? Seems to me the code is coming through the front door, which the victims left open.

DockerHub is just the delivery mechanism.
cyphar, almost 7 years ago
It should be noted that some of the reports talk about the Docker API being publicly accessible over the internet which allowed people to run containers on their machines. This is actually not the worst thing that could have happened -- having access to the Docker API gives you root access on that machine without any authentication!

(One of the ideas of rootless containers is to remove the possibility of any privileged codepath, which helps eliminate this issue.)
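An audit for the two exposures in fpgaminer's and cyphar's comments, as an added example that is not code from Docker, Traefik or the thread: a container that holds the Docker socket (worse still when it also publishes ports to the internet), and a daemon listening on TCP without TLS client authentication, which is the open door the image author scanned for. The `docker inspect` output and daemon.json below are constructed, and the finding texts are this example's own.

```python
"""Audit constructed Docker data for socket holders and unauthenticated TCP
listeners. Added example, not code from Docker, Traefik or the thread; the
inspect output and daemon.json are constructed, not captured from a host."""
import json
from dataclasses import dataclass
from typing import List

DOCKER_SOCKET = "/var/run/docker.sock"
ALL_INTERFACES = {"", "0.0.0.0", "::"}


@dataclass
class Finding:
    subject: str   # container name or listener address
    severity: str  # "critical" or "high"
    detail: str


def _socket_mounts(container: dict) -> List[str]:
    """Modes ("rw"/"ro") of every bind mount of the Docker socket, taken from
    Mounts (the daemon's view) or, failing that, HostConfig.Binds (user spec)."""
    modes = []
    for m in container.get("Mounts", []):
        if m.get("Type") == "bind" and m.get("Source") == DOCKER_SOCKET:
            modes.append("rw" if m.get("RW", True) else "ro")
    if not modes:
        for b in container.get("HostConfig", {}).get("Binds") or []:
            parts = b.split(":")
            if parts[0] == DOCKER_SOCKET:
                modes.append("ro" if len(parts) > 2 and "ro" in parts[2].split(",") else "rw")
    return modes


def audit_containers(inspect_json: str) -> List[Finding]:
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host = c.get("HostConfig", {})
        published = sorted((host.get("PortBindings") or {}).keys())
        modes = _socket_mounts(c)
        for mode in modes:
            findings.append(Finding(name, "critical",
                f"{DOCKER_SOCKET} bind-mounted {mode}: the API behind it is unauthenticated, "
                "so code execution in this container is root on the host (a read-only mount "
                "restricts the filesystem entry, not connecting to the socket)"))
        if modes and published:
            findings.append(Finding(name, "critical",
                f"socket holder also has published ports {', '.join(published)}: "
                "an internet-facing process with host-root reach"))
        if host.get("Privileged"):
            findings.append(Finding(name, "critical", "runs with --privileged"))
    return findings


def audit_daemon_config(daemon_json: str) -> List[Finding]:
    cfg = json.loads(daemon_json)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    for h in cfg.get("hosts", []):
        if not h.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are governed by file permissions
        addr = h[len("tcp://"):]
        if addr.startswith("["):
            bind_host = addr[1:addr.index("]")] if "]" in addr else addr
        else:
            bind_host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
        if not tls_verify:
            findings.append(Finding(h, "critical",
                "TCP listener without tlsverify: anyone who can reach it can start "
                "containers, i.e. run code as root on this host"))
        elif bind_host in ALL_INTERFACES:
            findings.append(Finding(h, "high",
                "TLS-authenticated API bound on all interfaces; bind to a management "
                "address and firewall it"))
    return findings


# Constructed sample data in the shape of `docker inspect` and daemon.json.
CONSTRUCTED_INSPECT = json.dumps([
    {"Name": "/traefik", "Config": {"Image": "traefik"},
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}],
                                     "443/tcp": [{"HostIp": "", "HostPort": "443"}]}},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/app", "Config": {"Image": "example/app:1.0"},
     "HostConfig": {"Privileged": False, "Binds": [], "PortBindings": {}},
     "Mounts": []},
])
CONSTRUCTED_DAEMON_JSON = json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]})


if __name__ == "__main__":
    for f in audit_containers(CONSTRUCTED_INSPECT) + audit_daemon_config(CONSTRUCTED_DAEMON_JSON):
        print(f"[{f.severity}] {f.subject}: {f.detail}")
```

On a live host the same two functions take the output of `docker inspect $(docker ps -q)` and the contents of /etc/docker/daemon.json. The socket check deliberately treats a read-only mount as no better than read-write, because :ro only affects the directory entry; the container can still connect to the socket and issue any API call.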
ccnafr, almost 7 years ago
Original report: https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers

The ArsTechnica article, like most AT articles, glosses over most details and focuses on a small-time cryptomining campaign
djsumdog, almost 7 years ago
I don't understand why people use other people's Docker images. Unless it comes from an official repository for the tool you're using, it's better to look at the source code/Dockerfile in the github link and just roll your own.

A lot of times you're just installing the package you want with apt-get within your Dockerfile anyway; a package you can't check for normal updates for anymore since it's in a container. So now you need a tooling system around making sure your packages in your containers don't have security issues.

Docker is kinda a mess.
ex_amazon_sde, almost 7 years ago
For those who wonder why Linux distributions are "still" around, this is a reason. Some have a good vetting process for packages.
crypt1d, almost 7 years ago
> By the time Docker Hub removed the images, they had received 5 million “pulls.” A wallet address included in many of the submissions showed it had mined almost 545 Monero digital coins, worth almost $90,000.

This seems incorrect because it's impossible to see wallet balances on the Monero network. So I'm assuming they just came up with the numbers based on some rough calculations.
jchw, almost 7 years ago
The worst part here is definitely the timeline. NPM is often criticized about security, perhaps rightfully so, but at least the issues are handled promptly after raised publicly.
raesene9, almost 7 years ago
This is essentially a dupe of https://news.ycombinator.com/item?id=17303570

FWIW that headline isn't great. Docker hub pulls in no way correlate to innocent users pulling/using those images. It could be (and this is quite likely) just other malware which made use of those images and just used Docker hub as a repository.

There are official images for the software in question and I don't think it's that likely that that many people ignored the official ones and got these ones.
meuk, almost 7 years ago
“For ordinary users, just pulling a Docker image from Docker Hub is like pulling arbitrary binary data from somewhere, executing it, and hoping for the best without really knowing what’s in it,”

This is basically what you do every time you install something (except when it's via a walled garden like an 'app store'). Besides, I'm not sure I would even classify mining for someone else as 'malicious'. It hogs your CPU a little, but if that's malicious then visual studio should be considered malicious as well.
INTPenis, almost 7 years ago
This is exactly why I never liked Ansible Galaxy, and Docker Hub came into the same category.

Screw the extra work, I'd rather write my own roles and Dockerfiles.
outside1234, almost 7 years ago
where are the images enumerated?
etaioinshrdlu, almost 7 years ago
A startup I'm aware of (not associated with) that aims to help tame this problem a bit: https://anchore.io/
yani, almost 7 years ago
This is not a backdoor. I myself have a miner on Docker hub. The image can be used by anyone with correct envars set. Should my image be removed if used by other users no matter what their intentions are?