Dogecoin blockchain network has been backing up the new malware responsible for attacking cloud servers to steal customer’s data, Intezer researchers discovers.
According to cybersecurity researchers at Intezer, Doki is a fully undetected backdoor which people have never noticed that abuses the Dogecoin blockchain “in a unique way” in order to generate its C2 domain address and breach cloud servers. It is deployed through a botnet called Ngrok.
These domain addresses are used by the malware to search for additional and a large number of vulnerable cloud servers within the network of the victim.
Intezer’s study explains further about the deployment of the attack:
“The attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much dogecoin to transfer, and thus switch the domain accordingly.”
Dogecoin Undetected For Over six months
Intezer says that using Dogecoin to deploy a crypto-unrelated malware may be “quite resilient” over the months to both law enforcement and security products. That’s why Doki has managed to stay undetected for over six months, despite having been uploaded to the VirusTotal database in January.
The study highlights and shows that such an attack “is very dangerous”:
“Our evidence shows that it takes only a few hours from when a new misconfigured Docker server is up online to become infected by this campaign.”
Recently, the threat intelligence team at Cisco Systems discovered and uncovered a new cryptojacking botnet named “Prometei.” This botnet both mines Monero (XMR) and steals data from the targeted system.
This article is sourced from:https://cointelegraph.com