The investigation found that the malicious actor behind the account earned 525.38 XMR, which is about 30,000 USD at the current exchange rate.
Docker offers OS-level virtualization to deliver software in packages called containers. Docker is popular nowadays, which has made it a common target for hackers looking to make money through cryptojacking.
Malicious Docker accounts
The researchers found that a user account called "azurenql" contained eight repositories hosting six malicious Monero mining images.
The basic images use the Ubuntu 16.04.6 LTS operating system.
In order to maintain their anonymity, hackers used Tor.
To mine cryptocurrency, the intruders used two methods, both of which run these malicious images in the user's environment.
One method is to submit the mined blocks directly to the main minexmr pool, using a wallet ID.
The second method is to use a hosting service that runs their own mining pool, which is used to collect the mined blocks.
According to the researchers, the wallet ID is in use, and the most recent mining activity was observed in April and May 2020.
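A defender-side check for the two mining setups described above, as an added example that is not part of the original article or the researchers' tooling: it scans an image's `Config` fields (as returned by `docker inspect`) and its history lines for the pool, wallet and Tor indicators the article mentions. The regular expressions, the `stratum+tcp` scheme, the function names and all sample values are assumptions or constructed for this example.

```python
import re

# "minexmr" and Tor come from the article; the stratum scheme and the
# Monero address shape are general mining knowledge, assumed here.
INDICATORS = {
    "minexmr_pool": re.compile(r"minexmr", re.I),
    "stratum_url": re.compile(r"stratum\+(?:tcp|ssl)://[^\s\"']+", re.I),
    "tor_usage": re.compile(r"\b(?:tor|torsocks|proxychains)\b|\.onion\b", re.I),
    # 95 base58 characters, starting with 4 (8 for a subaddress).
    "monero_wallet": re.compile(r"\b[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),
}
STRONG = {"minexmr_pool", "stratum_url", "monero_wallet"}


def scan_image(inspect, history=()):
    """Return {indicator: [matching strings]} for one image.

    inspect: one image object from `docker inspect` (parsed JSON).
    history: CREATED BY strings from `docker history --no-trunc`.
    """
    cfg = inspect.get("Config") or {}
    texts = list(history)
    for key in ("Entrypoint", "Cmd", "Env"):
        texts.extend(cfg.get(key) or [])  # fields may be null in real output
    findings = {}
    for text in texts:
        for name, rx in INDICATORS.items():
            if rx.search(text):
                findings.setdefault(name, []).append(text)
    return findings


def verdict(findings):
    """Pool or wallet evidence blocks the image; Tor alone needs a human look."""
    if STRONG & set(findings):
        return "block"
    return "review" if findings else "clean"


# Constructed samples: placeholder wallet, .invalid pool host.
WALLET = "4A" + "x" * 93
MINER = {"Config": {"Entrypoint": ["/bin/sh", "-c"], "Cmd": ["torsocks /opt/run.sh"],
                    "Env": ["POOL=stratum+tcp://pool.example.invalid:4444",
                            "WALLET=" + WALLET]}}
CLEAN = {"Config": {"Entrypoint": None, "Cmd": ["nginx", "-g", "daemon off;"],
                    "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"]}}

if __name__ == "__main__":
    for name, image in (("miner", MINER), ("clean", CLEAN)):
        print(name, verdict(scan_image(image)), sorted(scan_image(image)))
```

Run against images pulled from a public registry before they are admitted to a build or cluster; a "review" result means only Tor tooling was seen, which is not malicious by itself.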
Cryptomining attacks have become increasingly common. Malicious actors put servers, personal computers, Chrome extensions and web portals at risk to mine digital currencies like Monero. Unit42 security researchers were the first to discover the malicious activity and reported it directly to Docker Hub. Any malicious accounts found were deleted immediately.