Hacker News new | past | comments | ask | show | jobs | submit login

This is not a backdoor. I myself have a miner on Docker hub. The image can be used by anyone with correct envars set. Should my image be removed if used by other users no matter what their intensions are?



You are being facetious.

If your image is called monero-miner and a bunch of people download it, of course it's not going to be considered malicious code.

If your image is called apache-webserver and a bunch of people download it and you've stealth bundled a monero miner, of course it's going to be considered malicious code.

EDIT: even worse than that, the images are actually back doored they open up a reverse shell to allow the remote to execute arbitrary commands.


This particular case is definitely a backdoor and malicious. The images were pretending to by mysql, mssql, Apache etc.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: