Intezer researchers have discovered a new malware that uses the Dogecoin blockchain to deploy attacks on cloud servers and covert cryptocurrency mining.
According to Intezer cybersecurity researchers, the new malware is a previously undetected Linux Doki backdoor that uniquely uses the Dogecoin blockchain to hack cloud servers. It is deployed via a botnet called Ngrok. The researchers reported:
“An attacker controls which address the malware will contact by transferring a certain amount of Dogecoin from their wallet. Since only the attacker has control over the wallet, only he can control when and how much Dogecoin to transfer, and thus switch between domains.”
The researchers also noted that in recent campaigns, hackers attacked Docker installations that had open and unsecured APIs. Criminals deployed new servers inside the cloud infrastructure. Then servers running on Alpine Linux were infected with malicious miner and Doki.
Using Dogecoin to deploy hidden mining-related malware makes It “highly resistant” to the actions of law enforcement and cybersecurity professionals. This is why Doki managed to remain undetected for more than six months, despite being uploaded to the VirusTotal database in January. The researchers emphasize that such an attack is “very dangerous”:
“The available data indicates that it only takes a few hours for an infection to occur from the moment when a new incorrectly configured Docker server was connected to the network.”
Recall that last summer, the company Skybox Security conducted a study, according to the results of which hackers switched from viruses-miners for ordinary users ‘ PCs to hacking and using cloud services resources.