Closed prasadmadanayake closed 11 months ago
Seems to also be linked to https://hub.docker.com/r/pauseyyf/pause too, there's also a report by CrowdStrike identifying this as a cryptomining campaign: https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/
Hi All, Circling back here. Thank you for the report on both counts and sorry for a belated response in the case of @prasadmadanayake's initial report.
Both users have been taken down.
Best, Kat
Hi, I like to report this malicious image https://hub.docker.com/r/pauseyop/pause which seems to be an a miner. This got installed in a faulty k8s cluster.
Regards, prasadmadanayake