JFrog's security research team, in collaboration with Docker, has uncovered significant malware campaigns targeting Docker Hub, a leading container platform used by developers worldwide. These campaigns, comprising nearly three million repositories, involved "imageless" repositories with malicious metadata rather than container images, aiming to deceive users into accessing phishing sites or downloading malware. The researchers identified three main campaigns: "Downloader," "eBook Phishing," and "Website SEO," each employing distinct tactics to exploit Docker Hub's functionalities. The "Downloader" campaign used fake URL shorteners to distribute malware, the "eBook Phishing" campaign lured users into divulging credit card information under the guise of free eBook downloads, and the "Website SEO" campaign posted random content with seemingly benign intent. Despite Docker Hub's efforts to moderate content and remove malicious repositories following JFrog's disclosure, the findings underscore the challenges of fully preventing such threats and the importance of using trusted content indicators to mitigate risks.