skip to Main Content
bitcoin
Bitcoin (BTC) $ 76,574.52 0.60%
ethereum
Ethereum (ETH) $ 2,981.83 2.07%
tether
Tether (USDT) $ 1.00 0.03%
solana
Solana (SOL) $ 199.58 0.02%
bnb
BNB (BNB) $ 603.22 0.15%
usd-coin
USDC (USDC) $ 0.999509 0.12%
xrp
XRP (XRP) $ 0.552239 0.73%
dogecoin
Dogecoin (DOGE) $ 0.203028 3.88%
staked-ether
Lido Staked Ether (STETH) $ 2,986.06 2.30%
cardano
Cardano (ADA) $ 0.439408 6.17%

Hackers Have Been Using Dogecoin to Deploy Malware for 6 Months & No One Noticed

Researchers at Intezer discovered a new malware that relies on the Dogecoin blockchain network to deploy the attack against cloud servers.

1620 Total views

17 Total shares

Hackers Have Been Using Dogecoin to Deploy Malware for 6 Months & No One Noticed

A new study indicates that hackers are actively relying on the Dogecoin (DOGE) blockchain to expand a malware payload named “Doki.”

According to cybersecurity researchers at Intezer, Doki is a fully undetected backdoor that abuses the Dogecoin blockchain “in a unique way” in order to generate its C2 domain address and breach cloud servers. It is deployed through a botnet called Ngrok.

These domain addresses are used by the malware to search for additional vulnerable cloud servers within the network of the victim.

Intezer’s study explains further about the deployment of the attack:

“The attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much dogecoin to transfer, and thus switch the domain accordingly.”

Undetected for over six months

Intezer says that using Dogecoin to deploy a crypto-unrelated malware may be “quite resilient” to both law enforcement and security products. That’s why Doki has managed to stay undetected for over six months, despite having been uploaded to the VirusTotal database in January.

The study highlights that such an attack “is very dangerous”:

“Our evidence shows that it takes only a few hours from when a new misconfigured Docker server is up online to become infected by this campaign.”

Recently, the threat intelligence team at Cisco Systems discovered a new cryptojacking botnet named “Prometei.” This botnet both mines Monero (XMR) and steals data from the targeted system.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top