New research shows that some hackers are using the Dogecoin (DOGE) blockchain to spread malware called “Doki”.
According to Intezer researchers, Doki is a completely undetected backdoor that uses the Dogecoin blockchain network in a “unique way” to generate its C2 domain address and compromise cloud servers. The software is distributed through a botnet called Ngrok.
The malware uses these domain addresses to look for other vulnerable servers on the victim’s network.
The Intezer study describes the attack pattern in more detail:
“The attacker controls which address the malware comes into contact with by transferring a certain amount of Dogecoin from his wallet. Since only the attacker has the private key of the wallet, only he can control the amount of cryptocurrency to be transferred and thus the domain change accordingly.”
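The quoted mechanism means the implant has to read the attacker's wallet from somewhere before it can derive the next domain. The following detection sketch is an added example, not Intezer's or the malware's code: it assumes the wallet is read through a public Dogecoin block-explorer API (the explorer hostnames listed are an assumption) and flags any host that resolves a never-before-seen domain shortly after contacting such an API. The log lines are constructed.

```python
"""
Detection sketch for a blockchain-seeded domain generator (added example).

Assumption: the implant learns the latest transfer amount by querying a public
Dogecoin block explorer, so "explorer contact followed by a first-seen domain
lookup from the same host" is a useful hunting signal.
"""
from collections import defaultdict
from datetime import datetime

# Assumed: hostnames of public Dogecoin explorers the implant might query.
EXPLORER_HOSTS = {"dogechain.info", "sochain.com"}

# Constructed proxy/DNS log: timestamp, source host, record kind, contacted name.
SAMPLE_LOG = """\
2020-07-28T10:00:01Z web-01 dns api.github.com
2020-07-28T10:00:05Z docker-03 http dogechain.info
2020-07-28T10:00:09Z docker-03 dns 4f3c1a9b2e7d.example-ddns.test
2020-07-28T10:00:12Z web-01 dns api.github.com
2020-07-28T10:05:00Z docker-07 http dogechain.info
2020-07-28T12:00:00Z docker-07 dns 9b8e0d1c2a5f.example-ddns.test
"""


def parse_log(text):
    """Turn the constructed log into (time, host, kind, name) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, kind, name = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, kind, name))
    return events


def find_suspects(text, window_seconds=300, known_domains=frozenset()):
    """Return {host: [(explorer_contact_time, new_domain), ...]} for hosts that
    resolved a domain not seen before in this environment within
    `window_seconds` after contacting a block explorer."""
    events = sorted(parse_log(text))
    seen = set(known_domains)
    last_explorer = {}          # host -> time of most recent explorer contact
    hits = defaultdict(list)
    for ts, host, kind, name in events:
        if kind == "http" and name in EXPLORER_HOSTS:
            last_explorer[host] = ts
            continue
        if kind == "dns":
            first_time = name not in seen
            seen.add(name)
            t0 = last_explorer.get(host)
            if first_time and t0 is not None and (ts - t0).total_seconds() <= window_seconds:
                hits[host].append((t0, name))
    return dict(hits)


if __name__ == "__main__":
    for host, items in find_suspects(SAMPLE_LOG).items():
        for t0, domain in items:
            print(f"{host}: explorer contact at {t0:%H:%M:%S}, then first-seen domain {domain}")
```

With the default five-minute window only docker-03 is flagged; docker-07 resolves its first-seen domain two hours after the explorer contact and is only caught if the window is widened, which is the trade-off to tune against how often the attacker can realistically rotate domains. Because `seen` is shared across hosts, a domain is only "first seen" once, so a hit should feed a blocklist rather than be relied on to flag every infected host.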
It went unnoticed for six months
According to Intezer, using Dogecoin to distribute malware is “very difficult to detect” for both law enforcement and cyber security companies. That is why Doki was able to stay under the radar for more than six months, despite having been present in the VirusTotal database since January.
The researchers found such an attack to be “very dangerous”:
“The evidence we collect shows that this malware could infect a new, misconfigured Docker server in a matter of hours.”
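The “misconfigured Docker server” in the quote is assumed here to be the classic case of the Docker API listening on plain TCP with no TLS client verification, which hands control of the host to anyone who can reach the port. The audit below is an added example, not Intezer's or Docker's code; it checks a daemon configuration for that weakness, with a constructed weak `daemon.json` shown beside a hardened one (the certificate paths are placeholders).

```python
"""
Audit a Docker daemon.json for an Internet-exposed, unauthenticated API
(added example; the two configurations are constructed).
"""
import json
import os
from urllib.parse import urlsplit

# Weak: API on all interfaces, plaintext port, no TLS settings at all.
WEAK_CONFIG = json.loads("""
{ "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"] }
""")

# Hardened: bound to one management address, TLS with client-certificate verification.
HARDENED_CONFIG = json.loads("""
{ "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tls": true, "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem" }
""")

WILDCARD_BINDS = {"0.0.0.0", "::", None}


def audit_daemon_config(cfg):
    """Return a list of findings for every tcp:// listener in `hosts`."""
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local; not in scope here
        if not cfg.get("tlsverify"):
            findings.append(f"{listener}: API reachable over TCP without tlsverify; "
                            "anyone who can reach the port controls the host")
        elif not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
            findings.append(f"{listener}: tlsverify set but CA/cert/key paths incomplete")
        if url.hostname in WILDCARD_BINDS:
            findings.append(f"{listener}: bound to all interfaces; restrict to a "
                            "management address or a firewall-limited network")
    return findings


def audit_file(path="/etc/docker/daemon.json"):
    """Audit a real daemon.json if present; an absent file means no TCP listener
    was configured there (it may still be set on the dockerd command line)."""
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        return audit_daemon_config(json.load(fh))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(cfg) or "no findings")
    for finding in audit_file():
        print("local daemon:", finding)
```

The file check covers only `daemon.json`; a `-H tcp://...` flag in the systemd unit produces the same exposure and must be audited separately. Listening on an internal address is not a substitute for TLS client verification, since anything on that network segment can still drive the API.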
Separately, the Threat Intelligence team at Cisco Systems discovered a new cryptojacking botnet called “Prometei”. It mines Monero (XMR) while at the same time stealing data from the affected network.