Safeguard
Container Security

Detecting malware and runtime threats in ECR and EKS with...

How GuardDuty ECR malware protection and EKS runtime monitoring catch cryptominers and malicious images, where the coverage gaps are, and how Safeguard closes them.

Karan Patel
Cloud Security Engineer
7 min read

In November 2024, AWS extended GuardDuty's threat detection reach directly into the container image pipeline, adding malware scanning for images pushed to Amazon ECR alongside its existing EKS runtime sensors. For teams running containerized workloads, this closed a real gap: a base image pulled from a public registry, or a build artifact compromised by a poisoned dependency, could sit in ECR and later run in production without anyone scanning the binary layers for known malware signatures. GuardDuty ECR malware protection now does exactly that — inspecting image layers as they land in your registry and correlating findings with runtime behavior in EKS. Combined with GuardDuty's broader container runtime threat detection AWS capabilities, security teams finally get a single control plane that watches both the artifact and the workload it becomes. This post breaks down how the detection actually works, what it catches, where it falls short, and how Safeguard fills the gaps.

What Is GuardDuty ECR Malware Protection and How Does It Work?

GuardDuty ECR malware protection scans container images pushed to Amazon Elastic Container Registry by extracting and inspecting file-level content against a signature and behavioral database, the same detection engine GuardDuty already uses for EBS volumes and S3 objects. When a new image is pushed — or when you enable scanning retroactively on existing repositories — GuardDuty pulls the image, unpacks its layers in an isolated environment, and checks files against known malware hashes and heuristics without ever executing the code. This is distinct from Amazon Inspector's package-vulnerability scanning, which looks for CVEs in installed dependencies. GuardDuty is hunting for malicious binaries, trojanized packages, and known malware families that vulnerability scanners are not designed to catch. Findings surface as Execution:Runtime/MaliciousFileExecuted or CryptoCurrency:Runtime/BitcoinTool.B style alerts in the GuardDuty console within minutes of a push, tagged with the specific image digest and repository so you can trace the artifact back to its build.

How Does GuardDuty Runtime Monitoring Work Inside EKS?

GuardDuty runtime monitoring EKS works by deploying a lightweight eBPF-based sensor as a managed EKS add-on onto every node in a protected cluster, watching process execution, file access, and network connections in real time. Unlike the ECR scan, which is a point-in-time check on a static image, the EKS runtime agent observes what actually happens after a pod starts — a container spawning a reverse shell, a process trying to read /var/run/secrets/kubernetes.io/serviceaccount/token outside normal application behavior, or an outbound connection to a known command-and-control IP. AWS reports the sensor adds a CPU and memory footprint typically under 1% per node, which matters because teams evaluating runtime agents often reject options that measurably tax cluster capacity. Detections from the node agent are enriched with Kubernetes audit log context — pod name, namespace, service account, and the EKS cluster ARN — so a runtime alert arrives already scoped to a specific workload rather than a raw process ID you have to chase down manually.

What Kinds of Malware and Runtime Threats Does GuardDuty Actually Catch?

GuardDuty is tuned to catch cryptomining, known trojans, backdoors, and post-exploitation tooling — categories with well-established behavioral or signature fingerprints — rather than novel, custom-written malware. In practice this means it reliably flags things like XMRig-style cryptominers dropped into a compromised container, credential-harvesting scripts that scrape environment variables for AWS keys, and known malicious binaries pulled in through a compromised base image or a typosquatted package on a public registry. A well-documented real-world pattern GuardDuty is built to catch: an attacker gains access to a CI/CD pipeline, injects a cryptominer into the final build stage of a Dockerfile, and the resulting image is pushed to ECR and deployed across a fleet of EKS nodes — GuardDuty's ECR scan can catch the miner binary before deployment, and if it slips through, the EKS runtime sensor catches the resulting CPU spike and outbound mining-pool connection afterward. This overlap — malware scanning ECR pre-deployment and runtime monitoring post-deployment — is intentional defense in depth, since a single detection layer catching everything isn't realistic for containerized threats that can be introduced at build time, pull time, or runtime.

How Fast Does GuardDuty Detect Threats After an Image Lands in ECR?

GuardDuty typically surfaces ECR malware findings within minutes of an image push, though AWS does not publish a fixed SLA and scan time scales with image size and layer count. For a standard 200–500 MB application image, teams generally see findings appear in the GuardDuty console in under 10 minutes; multi-gigabyte images with many layers can take longer since each layer is unpacked and inspected independently. This matters operationally because most CI/CD pipelines complete a build-push-deploy cycle in well under that window — meaning a malicious image can reach a running EKS pod before the ECR scan finishes and before a runtime alert would even be possible. Teams relying on GuardDuty ECR malware protection as their only pre-deployment gate should be aware of this timing gap and consider blocking deploys on scan completion rather than treating the scan as a purely informational, after-the-fact signal.

What Are the Limits of GuardDuty for Container Security?

GuardDuty's core limitation is that it detects known-bad patterns after an image already exists in your registry or is already running — it does not prevent a vulnerable or malicious image from being built, nor does it enforce policy before deployment. It has no visibility into your Dockerfile, your dependency manifest, or your CI/CD pipeline configuration, so a hardcoded secret, an overly permissive IAM role baked into a container definition, or a vulnerable base image with no known malware signature will pass through silently. It also only covers accounts and regions where it's explicitly enabled, and multi-account organizations frequently discover — well after an incident — that GuardDuty was never turned on for a subsidiary account or a newly provisioned region. Finally, GuardDuty findings require someone watching the console or wired into a SIEM; on their own they don't fix anything, remediate a compromised deployment, or roll back the offending image.

How Safeguard Helps

Safeguard is built for the gaps that sit on either side of GuardDuty's detection window: everything upstream of the push, and everything downstream of the alert. On the upstream side, Safeguard scans source repositories, CI/CD pipeline configurations, and dependency graphs before an image is ever built, catching compromised packages, exposed secrets, and misconfigured build steps that would otherwise become the malicious binary GuardDuty finds later in ECR. That means fewer bad images ever reach the registry in the first place, shrinking the exposure window discussed above where a fast deploy pipeline can outrun a scan.

On the downstream side, Safeguard ingests GuardDuty ECR malware protection findings and EKS runtime alerts directly and correlates them against the full software supply chain context — which commit introduced the flagged file, which team owns the repository, which other services share the same base image or dependency, and whether the same artifact has been deployed to other clusters or accounts. Instead of a security engineer manually pivoting between the GuardDuty console, the EKS audit log, and the CI/CD history to answer "how did this get here and where else is it," Safeguard assembles that trail automatically and can trigger policy-driven responses, such as blocking further deployment of the affected image digest across every environment where it's registered.

Safeguard also addresses the coverage gaps directly: it continuously verifies that GuardDuty and its runtime monitoring add-on are actually enabled across every account, region, and cluster in your AWS organization, flagging drift the moment a new account or cluster comes online without protection. For teams that have already invested in container runtime threat detection AWS-native tooling like GuardDuty, Safeguard doesn't replace that investment — it closes the loop from source code to running workload, so a malware finding in ECR or a runtime alert in EKS is never the end of the investigation, just the starting point for one that's already mostly done.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.