Attackers may abuse a compromised resource for running tasks. A common abuse is to use compromised resources for running digital currency mining. Attackers who have access to a container in the cluster or have permissions to create new containers may use them for such activity.
New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
Detecting new crypto mining attack targeting Kubeflow and TensorFlow
Detect large-scale cryptocurrency mining attack against Kubernetes clusters
Malicious Docker Hub Container Images Used for Cryptocurrency Mining