A recent discovery by JFrog found that approximately 3 million malicious repositories, active for over 3 years, on Docker Hub, a widely used platform for containerized applications, have been distributing malware and phishing scams, posing a serious threat to users. The security team at JFrog uncovered three large-scale malware campaigns planting 'imageless' repositories with malicious metadata, showing the evolving tactics of cybercriminals. These campaigns include 'Downloader,' 'eBook Phishing,' and 'Website SEO,' with each having unique distribution patterns
JFrog collaborated with Docker to swiftly remove 3.2 million suspicious repositories, underscoring the importance of proactive security measures in combating cyber threats. This incident emphasizes the need for continuous vigilance and enhanced moderation to ensure the integrity and safety of the software ecosystem amidst the ever-evolving landscape of cybercrime. ```https://cybersecuritynews.com/docker-hub-pushing-malware/