“At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis.”
What Tom said appears to have come true, if you download any software, know where it comes from ,who makes it and if they would insert dodgy code in the original file or in an update