- Hackers have been deploying malware with Dogecoin for 6 months
- Intezer researchers discovered a new malware that depends on Dogecoin
- The cybercriminals used malware via Dogecoin’s network to attack cloud servers
Cryptocurrency News Today – hackers have reportedly been deploying malware with Dogecoin for six months, and no one knew. The report came to light after a recent discovery by Intezer researchers. Their study found a new malware that depends on Dogecoin’s blockchain network, which the hackers use to deploy attacks against cloud servers.
The study showed that hackers have been actively using Dogecoin’s network to deploy the Doki malware payload for the past six months and counting. This fresh report of cybercrime in the digital currency space comes only weeks after the targeted crypto-based Twitter hack.
Hackers Have Access to an Undetected Backdoor Via Dogecoin’s Network
According to the cybersecurity researchers at Intezer, the Doki malware provides a fully undetected backdoor that takes advantage of the Dogecoin blockchain. It uses the blockchain in a unique way to generate its command-and-control (C2) domain address before breaching cloud servers. The malware is deployed via a botnet known as Ngrok. The domain addresses are used by the Doki malware to search for all vulnerable cloud servers in the network used by the victim. According to Intezer’s study regarding the deployment of this latest attack:
“The attacker manages to control the particular addresses that the malware will contact. He/she does this by transferring a specific sum of Dogecoin from their wallet. Because only the attacker can control the wallet, only he/she can control when and how much Dogecoin to move, and inevitably switch the domain accordingly to suit their agenda.”
The Attacks Have Been Undetected for More Than Six Months
Using the Dogecoin blockchain to deploy malware that is otherwise unrelated to cryptocurrency cloaks it from security products and from law enforcement as well. That is why Doki has been able to stay undetected for more than six months, even though a sample has been in the VirusTotal database since January. According to the study, such an attack can be very dangerous. Here is how Intezer describes it:
“We have enough evidence to suggest that it takes less than a few hours from the time a new misconfigured Docker server comes up online to the time it gets infected by the ongoing undetected hacker campaign.”
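The quote above says infection follows within hours of a misconfigured Docker server coming online, but the article does not spell out the misconfiguration. The script below is an added defender-side example, not code from the article or from Intezer, and it assumes the misconfiguration is the common one of the Docker Engine API listening on a TCP port without TLS client verification. It reads a daemon.json or a dockerd command line (the sample inputs are constructed) and flags any such listener so the host can be fixed before it is exposed.

```python
import json
import shlex

# Constructed sample inputs (not taken from the article): a daemon.json and two
# dockerd command lines as they might appear on a cloud host.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
HARDENED_CMDLINE = (
    "dockerd -H tcp://0.0.0.0:2376 --tlsverify "
    "--tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem"
)

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def hosts_from_daemon_json(text):
    """Return (listeners, tlsverify) from a daemon.json document."""
    cfg = json.loads(text)
    return list(cfg.get("hosts", [])), bool(cfg.get("tlsverify", False))


def hosts_from_cmdline(cmdline):
    """Return (listeners, tlsverify) parsed from a dockerd command line."""
    argv = shlex.split(cmdline)
    hosts, tls = [], False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("-H=") or arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls = True
        i += 1
    return hosts, tls


def audit(hosts, tlsverify):
    """Return TCP listeners that expose the Engine API without TLS client auth.

    Each finding is (listener, scope). unix:// and fd:// sockets are local-only
    and are not reported; a TCP listener with --tlsverify is also accepted.
    """
    flagged = []
    for h in hosts:
        if not h.startswith("tcp://") or tlsverify:
            continue
        host_part = h[len("tcp://"):].rsplit(":", 1)[0]
        scope = "loopback only" if host_part in LOOPBACK else "reachable from the network"
        flagged.append((h, scope))
    return flagged


if __name__ == "__main__":
    for label, (hosts, tls) in (
        ("daemon.json", hosts_from_daemon_json(SAMPLE_DAEMON_JSON)),
        ("cmdline", hosts_from_cmdline(SAMPLE_CMDLINE)),
        ("hardened", hosts_from_cmdline(HARDENED_CMDLINE)),
    ):
        print(label, audit(hosts, tls) or "no unauthenticated TCP listener")
```

On a real host, feed the script the contents of /etc/docker/daemon.json or the dockerd line from the process list; a listener reported as "reachable from the network" is the configuration to correct (bind to loopback, or enable --tlsverify with a CA-issued server certificate) before the host is placed on a public network.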
In recent weeks, the Cisco Systems threat intelligence team discovered a new crypto-hacking botnet known as “Prometei.” The above-mentioned botnet mines Monero’s XMR and also illegally retrieves data from the targeted system.