Attackers are using off-the-shelf images from Dockerhub to spread malware, with the 9Hits app visiting various websites and the XMRig miner disabled from visiting crypto-related sites to prevent analysis.