Backdoored images downloaded from DockerHub 5 million times https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/ https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Malware installed through DockerHub can also escape the container, so may continue to run.
Friends don't let friends install unreproducible black box container images.
@cwebber Trying to explain supply chain attacks is not always the most successful conversation I can have
docker, not so hot take?
@cwebber to be honest, the issues seem to come from open and unprotected kubernetes clusters.
So yeah, if you leave your orchestration tools wide open, attackers can execute code (docker images or not) on your infrastructure, it's not especially new, imho.
If you execute untrusted code, you can end up mining cryptocurrencies, it's not a docker specific issue ;)