Hackers Have Been Using Dogecoin to Deploy Malware for 6 Months & No One Noticed

Published at: July 30, 2020

A new study indicates that hackers are actively relying on the Dogecoin (DOGE) blockchain to expand a malware payload named “Doki.”

According to cybersecurity researchers at Intezer, Doki is a fully undetected backdoor that abuses the Dogecoin blockchain “in a unique way” in order to generate its C2 domain address and breach cloud servers. It is deployed through a botnet called Ngrok.

These domain addresses are used by the malware to search for additional vulnerable cloud servers within the network of the victim.

Intezer’s study explains further about the deployment of the attack:

“The attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much dogecoin to transfer, and thus switch the domain accordingly.”

Undetected for over six months

Intezer says that using Dogecoin to deploy a crypto-unrelated malware may be “quite resilient” to both law enforcement and security products. That’s why Doki has managed to stay undetected for over six months, despite having been uploaded to the VirusTotal database in January.

The study highlights that such an attack “is very dangerous”:

“Our evidence shows that it takes only a few hours from when a new misconfigured Docker server is up online to become infected by this campaign.”

Recently, the threat intelligence team at Cisco Systems discovered a new cryptojacking botnet named “Prometei.” This botnet both mines Monero (XMR) and steals data from the targeted system.

Tags
Related Posts
Watch Out for This Cryptojacking Botnet That Steals Data From Its Victims
The threat intelligence team at Cisco Systems discovered a new cryptojacking botnet named “Prometei.” This botnet both mines Monero (XMR) and steals data from the targeted system. According to the paper sent to Cointelegraph, the botnet has been active since May. It relies on 15 executable modules to recover administrator passwords from the infected computer. Password validity is verified by sending them to a control server connected to other networks. Once the malware has obtained access to the user’s administrative rights, it proceeds to record all data contained within the system. Cisco Talos estimates this botnet may contain up to …
Technology / July 22, 2020
Celebrities May Have Their Dirty Secrets Exposed if Crypto Ransom Is Unpaid
The REvil ransomware gang says that they will auction over 1TB of data stolen from New York-based entertainment law firm, Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities. REvil claims that the contents involve sex scandals, drugs, and treachery. Nicki Minaj, LeBron James, and Mariah Carey among the alleged victims In a blog post, the ransomware group says they will begin the auction on July 1, noting that the first round will contain information from Nicki Minaj, Mariah Carey, and LeBron James. The price for each dataset is $600,000. Two days …
Technology / June 24, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020
Major Argentine Telecom Falls Victim to $7.5M Monero Ransomware Attack
Telecom, Argentina's largest telecommunications company, has fallen victim to a ransomware attack. Hackers are demanding $7.5 million in Monero (XMR) — an amount that will rise to $15 million if the company does not pay within 48 hours. Argentina's major telephone company, Telecom, just got hacked. Hackers requesting a ransom of $7.5 million in Monero. $XMR pic.twitter.com/AGNvAXh1cg — Alex Krüger (@krugermacro) July 19, 2020 According to El Tribuno, the ransomware attack, which specifically affected Telecom’s call center, took place on July 18. The ransomware was ultimately contained by the Argentinian conglomerate’s IT workers. In a statement issued to local media …
Technology / July 20, 2020
Cybercriminals Sneak in Crypto Mining Malware via Confluence Software Exploit
Cybercriminals are now reportedly exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc. on May 7. The exploit that has been developed allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, as well as covering up the mining activity by using a rootkit to hide the malware’s network activity and toll on the host’s central processing unit (CPU). According to an Atlassian security advisory, the vulnerability in question only applies to some older versions of Confluence. The …
Altcoin / May 7, 2019