Intezer researchers have discovered new malware that uses the Dogecoin blockchain to attack cloud servers and covertly mine cryptocurrency.
According to researchers at the cybersecurity firm Intezer, the new malware is a previously undetected Linux backdoor, Doki, that uniquely uses the Dogecoin blockchain to hack a cloud server. It is deployed via a botnet called Ngrok. The researchers reported:
«The attacker controls which address the malware will contact by transferring a certain amount of Dogecoin from his wallet. Because only the attacker has control over the wallet, only he can control when and how much Dogecoin to transfer, and thus switch between domains».
The researchers also noted that in recent campaigns the attackers targeted Docker installations with open and unprotected APIs. The criminals deploy new servers within the cloud infrastructure. These servers, running Alpine Linux, were then infected with a malicious miner and Doki.
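A defensive check for the misconfiguration described above, added here as an example and not taken from Intezer's report: it audits a Docker `daemon.json` for API listeners reachable over TCP without client-certificate verification. The sample configurations are constructed, and the severity labels are this example's own assumption.

```python
import json

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}
TLS_FILES = ("tlscacert", "tlscert", "tlskey")

def audit_daemon_config(text):
    """Return (severity, host, reason) findings for a daemon.json document."""
    cfg = json.loads(text)
    verified = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        scheme, _, rest = host.partition("://")
        if scheme != "tcp":
            continue  # unix:// and fd:// listeners are not network-reachable
        # Strip the port; a bare bracketed IPv6 address has none.
        addr = rest if rest.endswith("]") else rest.rsplit(":", 1)[0]
        if not verified:
            # "tls": true alone encrypts traffic but does not authenticate clients.
            sev = "medium" if addr in LOOPBACK else "critical"
            findings.append((sev, host, "TCP API without tlsverify"))
        elif not all(cfg.get(k) for k in TLS_FILES):
            findings.append(("high", host, "tlsverify set, cert paths missing"))
    return findings

# Constructed sample configurations (not from any real host).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
LOCAL_ONLY = '{"hosts": ["unix:///var/run/docker.sock"]}'
HARDENED = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",      # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("local", LOCAL_ONLY),
                         ("hardened", HARDENED)):
        print(name, audit_daemon_config(sample) or "no findings")
```

The daemon can also be given listeners with `-H` on the `dockerd` command line, which this file-based check does not see, so the unit file or process arguments need the same review.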
Using Dogecoin for deployment, together with the hidden mining malware, makes it «highly resistant» to action by law enforcement agencies and cybersecurity experts. That is why Doki managed to remain unnoticed for more than six months, despite having been uploaded to the VirusTotal database in January. The researchers emphasize that such an attack is «very dangerous»:
«Available data suggest that infection requires only a few hours from the moment when a new misconfigured Docker server is connected to the network».
Recall that last summer Skybox Security conducted a study according to which hackers have shifted from miner viruses aimed at ordinary PC users to hacking cloud services and using their resources.