Crypto Chaos: Kong’s DockerHub Hijack Turns Systems into Mining Rigs!
Kong’s DockerHub account was hacked, replacing the Kong Ingress Controller 3.4.0 image with a cryptojacking version. Systems running it unknowingly mined cryptocurrency. Kong swiftly removed the rogue image and patched the issue. If you used version 3.4.0, remove it immediately and update to 3.4.1 to avoid being part of a digital gold rush.

Hot Take:
Looks like Kong Ingress Controller v3.4.0 just turned into a surprise cryptocurrency miner! If your servers are feeling unusually warm, it might be because they’re secretly working on their tan while mining Monero. Time to update, before your data center becomes a tropical paradise for crypto enthusiasts!
Key Points:
- A malicious version of Kong Ingress Controller v3.4.0 was uploaded to DockerHub, enabling cryptojacking.
- The malicious code redirected computational power to a crypto mining site, pool.supportxmr.com.
- Kong swiftly removed the compromised image and released a patched version, 3.4.1.
- The breach stemmed from a compromised DockerHub Personal Access Token (PAT).
- Organizations are advised to remove the malicious image and use the patched versions to ensure security.
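
As an added example (not code from Kong or from this article), the check below flags pods whose spec references the 3.4.0 image and lists clients that resolved the mining pool named above. Assumptions: the DockerHub repository name `kong/kubernetes-ingress-controller`, pod data shaped like `kubectl get pods -A -o json` output, CoreDNS-style query log lines, and the constructed sample input.

```python
import re

# Indicators from the article; IMAGE_REPO is an assumption (not stated there).
IMAGE_REPO = "kong/kubernetes-ingress-controller"
AFFECTED_TAG = "3.4.0"
MINING_POOL = "pool.supportxmr.com"
QUERY_RE = re.compile(r'"\S+ IN (\S+?)\.? ')  # query name in a CoreDNS log line

def split_image(ref):
    """Return (repository, tag, digest) for an image reference."""
    name, _, digest = ref.partition("@")
    colon = name.rfind(":")
    if colon > name.rfind("/"):  # a colon before the last "/" is a registry port
        name, tag = name[:colon], name[colon + 1:]
    else:
        tag = "" if digest else "latest"
    name = re.sub(r"^(index\.)?docker\.io/", "", name)
    return name, tag, digest or None

def find_affected_pods(pod_list):
    """List (namespace, pod, container, pulled imageID) for the affected tag."""
    hits = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        pulled = {s["name"]: s.get("imageID", "")
                  for s in pod.get("status", {}).get("containerStatuses", [])}
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            repo, tag, _ = split_image(c["image"])
            if repo == IMAGE_REPO and tag == AFFECTED_TAG:
                hits.append((meta["namespace"], meta["name"], c["name"],
                             pulled.get(c["name"], "")))
    return hits

def find_pool_lookups(dns_log_lines):
    """Return client addresses that resolved the mining pool or a subdomain."""
    clients = []
    for line in dns_log_lines:
        m = QUERY_RE.search(line)
        name = m.group(1).lower() if m else ""
        if name == MINING_POOL or name.endswith("." + MINING_POOL):
            clients.append(line.split()[1].rsplit(":", 1)[0])
    return clients

# Constructed sample input (not real cluster data; the digest is a placeholder).
KIC = "docker.io/kong/kubernetes-ingress-controller"
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "kong", "name": "kic-7d9f"},
     "spec": {"containers": [{"name": "kic", "image": KIC + ":3.4.0"}]},
     "status": {"containerStatuses": [{"name": "kic", "imageID": KIC + "@sha256:<placeholder>"}]}},
    {"metadata": {"namespace": "kong", "name": "kic-5c2a"},
     "spec": {"containers": [{"name": "kic", "image": KIC + ":3.4.1"}]}}]}
SAMPLE_DNS = ['[INFO] 10.244.1.17:53211 - 4711 "A IN pool.supportxmr.com. udp 37 false 512" NOERROR qr,rd,ra 72 0.012s',
              '[INFO] 10.244.2.9:40022 - 9120 "A IN hub.docker.com. udp 32 false 512" NOERROR qr,rd,ra 60 0.004s']
```

Because the 3.4.0 tag was replaced rather than a new tag added, a tag match only shows the spec references 3.4.0; the `imageID` digest returned with each hit is what identifies the build a node actually pulled.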