New research shows that attackers are actively relying on the Dogecoin (DOGE) blockchain to deploy a malware payload named “Doki.”
According to cybersecurity researchers at Intezer, Doki is a previously undetected backdoor that abuses the Dogecoin blockchain “in a unique way” to generate its C2 domain address and breach cloud servers. It is deployed by a botnet known as Ngrok.
The malware uses these domain addresses to search for additional vulnerable cloud servers across the victim's network.
Intezer's research explains more about how the attack is deployed:
“The attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much Dogecoin to transfer, and thus switch the domain accordingly.”
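The mechanism described above has a defensive flip side: because the wallet's transactions are public, anyone watching the chain can reproduce the same domain derivation and watch for it in DNS logs. The example below is added here and is not Intezer's code or a sample of Doki; the derivation (SHA-256 of the transaction value, first 12 hex characters, under a placeholder dynamic-DNS suffix), the wallet transaction values and the dnsmasq-style log lines are all constructed for illustration.

```python
import hashlib
import re

# Assumed dynamic-DNS suffix; a placeholder, not the domain used by Doki.
DDNS_SUFFIX = ".ddns.example"


def derive_candidate_domain(tx_value: str, label_len: int = 12) -> str:
    """Assumed derivation: hash the transaction value the way the payload
    would and use a prefix of the digest as the subdomain label.  The real
    scheme is not given on this page; the point is only that any scheme
    keyed to public chain data is reproducible by a defender."""
    digest = hashlib.sha256(tx_value.encode("ascii")).hexdigest()
    return digest[:label_len] + DDNS_SUFFIX


def candidate_domains(tx_values):
    """Precompute the C2 domains implied by the wallet's recent outgoing
    transaction values (as a defender would read them from a block explorer)."""
    return {derive_candidate_domain(v) for v in tx_values}


# dnsmasq-style query line: "query[A] <qname> from <client>"
_QUERY_RE = re.compile(r"query\[(?:A|AAAA)\] (\S+) from (\S+)")


def parse_dns_log(log_text: str):
    """Yield (client_ip, queried_name) pairs from dnsmasq-style log lines."""
    for line in log_text.splitlines():
        m = _QUERY_RE.search(line)
        if m:
            yield m.group(2), m.group(1).lower()


def find_hits(log_text: str, tx_values):
    """Return [(client_ip, qname)] for queries that match a precomputed domain."""
    watch = candidate_domains(tx_values)
    return [(client, name) for client, name in parse_dns_log(log_text) if name in watch]


# Constructed sample data (made up for this example).
WALLET_TX_VALUES = ["0.12345678", "3.5", "42.0"]

SAMPLE_DNS_LOG = "\n".join([
    "Jul 28 10:01:02 docker-host dnsmasq[512]: query[A] registry-1.docker.io from 172.17.0.2",
    "Jul 28 10:01:05 docker-host dnsmasq[512]: query[A] deadbeefcafe" + DDNS_SUFFIX + " from 172.17.0.2",
    "Jul 28 10:01:09 docker-host dnsmasq[512]: query[A] " + derive_candidate_domain("3.5") + " from 172.17.0.3",
])

if __name__ == "__main__":
    for client, name in find_hits(SAMPLE_DNS_LOG, WALLET_TX_VALUES):
        print(f"ALERT: {client} resolved chain-derived C2 candidate {name}")
```

Only the third log line matches: the first is ordinary registry traffic and the second is a label under the same suffix that no watched transaction produces, which is what keeps the match set narrow. A static domain blocklist cannot do this, because the attacker moves the domain with every new transaction; the precomputed set moves with it.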
Undetected for over six months
Intezer says that using Dogecoin to deploy malware unrelated to cryptocurrency may be “quite resilient” to both law enforcement and security products. That is why Doki has managed to remain undetected for over six months, despite having been uploaded to the VirusTotal database in January.
The research highlights that such an attack “is very dangerous”:
“Our evidence shows that it takes only a few hours from when a new misconfigured Docker server is up online to become infected by this campaign.”