A new cryptojacking worm, named Graboid, has spread to more than 2,000 Docker hosts, according to the Unit 42 researchers from Palo Alto Networks. This is the first time such a piece of malware has spread via containers within the Docker Engine (specifically docker-ce).
Scary stuff, and (at the moment) difficult to detect & prevent:
We’ve reached a point with containers where security must be constantly on the front burner. Antivirus and anti-malware applications currently have no means of analyzing and cleaning containers and container images. That’s the heart of the issue.
Graboid may be the first malware to target containers, but it certainly won’t be the last.