Intezer researchers have discovered new malware that uses the Dogecoin blockchain to attack cloud servers and run stealthy cryptocurrency mining.
According to the cybersecurity firm Intezer, the malware is a previously undetected Linux backdoor, named Doki, that is unique in using the Dogecoin blockchain to compromise cloud servers. It is deployed by a botnet called Ngrok. The researchers reported:
“The attacker controls which address the malware will contact by transferring a certain amount of Dogecoin from his wallet. Since only the attacker has control over the wallet, only he can control when and how much Dogecoin to transfer, and thus switch between domains.”
The researchers also noted that in recent campaigns the attackers targeted Docker installations whose APIs were exposed to the internet without authentication. The criminals used this access to deploy new servers inside the victim's cloud infrastructure; these servers, running Alpine Linux, were then infected with a malicious miner and Doki.
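Since the entry point in this campaign was a Docker API reachable from the network without authentication, a defender's first check is the daemon configuration. The following Python is an added example, not part of the Intezer report: it audits a daemon.json for that exposure, using Docker's real daemon keys (hosts, tlsverify, tlscacert, tlscert, tlskey); the weak and hardened sample configurations are constructed.

```python
"""Audit a Docker daemon.json for an unauthenticated, network-exposed API."""
import json
from urllib.parse import urlsplit

# Constructed sample: the exposure the campaign abused. The API listens on all
# interfaces over plain TCP, so anyone who can reach port 2375 can run containers.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: TLS with mandatory client-certificate verification, so only
# holders of a certificate signed by the listed CA can talk to the API.
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_docker_daemon(config_text: str) -> list[str]:
    """Return a list of findings; an empty list means no exposed API was found."""
    cfg = json.loads(config_text)
    findings = []
    # Client verification only counts if tlsverify is on AND all key material is set.
    tls_ok = bool(cfg.get("tlsverify")) and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not reachable over the network
        bind = parts.hostname or "0.0.0.0"  # an empty host means "all interfaces"
        if bind in LOOPBACK:
            continue  # only local processes can reach a loopback listener
        if not tls_ok:
            findings.append(f"{host}: API exposed without TLS client verification")
        elif parts.port == 2375:
            findings.append(f"{host}: TLS enforced but on the conventional plaintext port 2375")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(cfg) or ["no findings"])
```

The same check can be pointed at a host's /etc/docker/daemon.json; an empty result only means the daemon config is clean, so the listening sockets (ss -ltnp) should still be confirmed separately.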
Using the Dogecoin blockchain to deliver hidden mining malware makes the operation “highly resistant” to disruption by law enforcement and cybersecurity professionals. This is why Doki managed to go unnoticed for over six months, despite having been uploaded to the VirusTotal database in January. The researchers emphasize that such an attack is “very dangerous”:
“The available evidence suggests that infection takes only a few hours from the time a new misconfigured Docker server was brought online.”
Recall that last summer, Skybox Security published a study according to which hackers had shifted from cryptominers targeting ordinary users’ PCs to compromising cloud services and abusing their resources.