Researchers discovered nearly 3 million empty repositories with hidden links to malicious content on Docker Hub. The threat was identified by JFrog, who found the repositories were part of large-scale campaigns distributing spam and malware. Docker has taken action to prevent links to external resources in the description pages of imageless repositories, since the metadata for these containers contained malicious content.

Docker removed nearly 3 million imageless repositories from Docker Hub linked to malicious content

JFrog also found that over 4.6 million imageless repositories were published on Docker Hub, with a significant number tied to fake accounts used for uploading malicious content. The attackers exploited a Docker policy allowing HTML format metadata, enabling them to insert links to spam, phishing, and malware. The mass uploads occurred in two waves in 2021 and 2023, with campaigns involving pirated content, video game cheats, and free e-book phishing. JFrog emphasized the need for constant moderation on platforms like Docker Hub to prevent such misuse, suggesting stricter rules on repository creation and external link embedding.
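The pattern described above (a repository with no image tags whose description exists only to carry external links) is simple to screen for. The following is an added example, not code from JFrog, Docker or the article: it takes constructed repository metadata records (the field names `name`, `tag_count` and `full_description` are a simplified stand-in, not the Docker Hub API schema) and flags imageless repositories whose description links to hosts outside an assumed allow-list.

```python
"""Heuristic screen for imageless repositories whose description carries external links.

Added example; the record format and the allow-list are assumptions, not Docker Hub's.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a repository description may legitimately link to (assumption for this example).
ALLOWED_HOSTS = {"hub.docker.com", "docs.docker.com", "github.com"}

# Bare URLs written as plain text rather than HTML anchors.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect href/src attribute values from HTML-formatted metadata."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def extract_links(description):
    """Return every URL in a description, whether an HTML anchor or bare text."""
    text = description or ""
    collector = _LinkCollector()
    collector.feed(text)
    urls = set(collector.urls)
    urls.update(URL_RE.findall(text))
    return urls


def external_hosts(urls):
    """Return the lower-cased hosts not on the allow-list."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host and host.lower() not in ALLOWED_HOSTS:
            hosts.add(host.lower())
    return hosts


def flag_repository(repo):
    """Return the sorted external hosts linked from an imageless repository, or [] if it looks normal.

    A repository that has pushed images, or that links only to allowed hosts, is not flagged.
    """
    if repo.get("tag_count", 0) != 0:
        return []
    return sorted(external_hosts(extract_links(repo.get("full_description"))))


def scan(repos):
    """Map repository name to its flagged hosts, for every repository that is flagged."""
    findings = {}
    for repo in repos:
        hosts = flag_repository(repo)
        if hosts:
            findings[repo["name"]] = hosts
    return findings


# Constructed sample metadata (not real Docker Hub data). The .invalid TLD is a placeholder.
SAMPLE_REPOS = [
    {"name": "acme/webapp", "tag_count": 12,
     "full_description": "Source at https://github.com/acme/webapp"},
    {"name": "user123/free-ebook-download", "tag_count": 0,
     "full_description": '<a href="https://example-phish.invalid/get">Download</a> now!'},
    {"name": "user456/placeholder", "tag_count": 0,
     "full_description": "Reserved for a future project."},
]

if __name__ == "__main__":
    for name, hosts in scan(SAMPLE_REPOS).items():
        print(f"{name}: imageless, links to {', '.join(hosts)}")
```

The check deliberately treats "no tags" as a prerequisite rather than a finding on its own: an empty repository is a normal intermediate state, and it is the combination with off-platform links in the description that matches the reported abuse.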
https://www.darkreading.com/cyber-risk/attackers-planted-millions-of-imageless-repositories-on-docker-hub