How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Key Takeaways  The Risk Introduced by Implicit Trust in Public Container Images  Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. However, that same convenience has quietly shifted trust decisions earlier in the development lifecycle, often without sufficient scrutiny of what is actually […]

How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Amit Gadhave, Senior Cloud Threat Research Engineer, Qualys

February 24, 2026 - 12 min read

Table of Contents

• The Risk Introduced by Implicit Trust in Public Container Images
• Discoveringand AnalyzingMaliciousContainer Images
• Key Threat CategoriesofMaliciousContainer Images
• MITRE Tactics and Techniques in Container Image Abuse
• Operationalizing Trust Across the Container Lifecycle
• Important Safety Measures
• Conclusion
• Frequently Asked Questions (FAQs)

Key Takeaways

• Pulling container images from public registries is a trust decision, not a neutral operational step. The impact extends to infrastructure stability, cloud spend, and security risk.

• Cryptomining is the most common form of malicious abuse in public container images, driven by the ease of distribution and low visibility inside container layers.

• Simple indicators such as non-pronounceable names, low pull counts, and unexpected binaries often distinguish malicious images from trusted ones.

• Typo squatting remains an effective technique that exploits familiarity with popular base images and application stacks.

• Effective container security requires controls across the full lifecycle, from image ingestion and validation to continuous runtime monitoring.

• Organizations that embed trust checks early preserve development speed while reducing exposure at scale.

The Risk Introduced by Implicit Trust in Public Container Images

Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. However, that same convenience has quietly shifted trust decisions earlier in the development lifecycle, often without sufficient scrutiny of what is actually being deployed.

Container ecosystems like DockerHub as well as public cloud registries such as Amazon ECR, Google Artifact Registry, and Azure ACR have transformed how applications are built, shared, and deployed across modern cloud-native environments. Docker Hub, the largest public container registry, allows the Docker community to store, share, and distribute container images that bundle application code, runtime, libraries, and configuration into a single deployable unit.

This openness enables speed and scale, but it also creates an attractive distribution channel for malicious actors seeking to hide harmful payloads inside seemingly legitimate images.

Discovering and Analyzing Malicious Container Images

Identifying malicious container images in public registries requires more than surface-level inspection. While most images appear benign at first glance, closer analysis often reveals patterns that distinguish trusted images from those designed to deceive or abuse runtime resources.

When investigating malicious container images, several indicators can help identify potential threats:

• Suspicious and non-pronounceable repository names

Attackers often use names that closely resemble legitimate software or popular images, or deliberately choose completely non-pronounceable names (random-looking strings) to evade detection and mislead users into pulling malicious containers.

• Low pull count

Legitimate images typically accumulate thousands or millions of pulls over time, reflecting widespread adoption and community trust. In contrast, malicious images often have very low pull counts, indicating they are not widely trusted or used.

• Image layers with malicious content

Inspecting image layers can expose execution artifacts, such as embedded cryptomining binaries, obfuscated scripts, or tools for persistence and lateral movement. These indicators frequently point to intentional misuse rather than misconfiguration.

Our analysis of more than 34,000 container images revealed consistent indicators of risk. Approximately 8% had non-pronounceable names, while nearly 60% had pull counts below 1,000. Additionally, roughly 4% showed direct links to cryptomining activities. Together, these patterns highlight why blind trust in public container images introduces measurable operational and financial risk.

Verification before pulling, combined with the use of trusted publishers and image scanning, is essential to reducing exposure in containerized environments.

Key Threat Categories of Malicious Container Images

Malicious container images observed in public registries generally fall into a small number of recurring threat categories. While the techniques vary, the underlying objective remains consistent: exploit the implicit trust placed in container images to gain compute access, persistence, or opportunities for data exfiltration.

[Malicious container images by threat category]
Chart 1 illustrates the distribution of malicious container images by threat category

Cryptomining in Containers

Cryptomining is the computational process used to validate blockchain transactions, requiring significant CPU/GPU resources. Rather than investing in expensive, dedicated servers, attackers hide mining scripts and binaries directly within container images and rely on unsuspecting users to pull and run them to steal computing power for mining, effectively externalizing compute costs. Victims typically become aware only when Server performance suddenly drops, or Cloud bills skyrocket due to increased cloud resource consumption.

Why are the containers an effective delivery vehicle for cryptominers?

• Easy Distribution via public Docker registries – Uploading an image requires minimal effort, and downloads often appear legitimate within standard workflows.

• Plug-and-Play Execution – Containers require no environment setup. A malicious image usually contains all required dependencies and can run instantly without additional setup.

• Scalability Across Environments – Infected images can spread fast through developers, CI/CD pipelines, and Kubernetes clusters.

• Low Detection – Security tools frequently prioritize hosts and workloads, leaving container internals less scrutinized. Malicious software inside a container can easily go unnoticed.

More than 85% of the identified cryptomining images on Docker Hub were configured to mine Monero (XMR) using tools like XMRig, which leverage its CPU-friendly RandomX algorithm. A smaller subset targeted other RandomX-based or compute-efficient cryptocurrencies such as Zcash, Ethereum, Bytecoin, Twitch, IronFish, Base, Alephium, Flux, and related variants.

[Cryptocurrency mining distribution across crypto mining container]
Chart 2 highlights the distribution of cryptocurrencies observed across cryptomining container images

Typo Squatting in Cryptomining Container Images

Typo squatting remains a common and effective technique used by attackers distributing cryptomining container images through public registries. By exploiting familiar software names and minor spelling variations, attackers increase the likelihood that malicious images are mistaken for legitimate ones during routine pulls.

We observed that cryptomining attackers frequently abused legitimate software names when publishing cryptocurrency miner images, which may trick users into downloading the miner images on the host.

These images are often designed to visually resemble well-known base images or popular application stacks, relying on subtle differences that are easy to miss in fast-moving development workflows.

[...]

Original source