Intezer Labs, a New York-based malware analysis and detection firm, found that hackers using the infamous "Doki" backdoor have been using Dogecoin wallets to mask their online presence.
A hacker - who goes by Ngrok - had uncovered a method to use Dogecoin wallets for infiltrating web servers, the firm noted.
Intezer Labs found that Doki was using a previously undocumented method to contact its operator, abusing the Dogecoin blockchain in a unique way in order to dynamically generate its command-and-control (C&C) domain addresses.
Using Dogecoin transactions allowed the attackers to alter these C&C addresses on any affected computers or servers that ran Ngrok's Monero mining bots.
"While some malware strains connect to raw IP addresses or hardcoded URLs included in their source code, Doki used a dynamic algorithm to determine the control and command address using the Dogecoin API."
The firm added that these steps meant security firms needed to access the hacker's Dogecoin wallet to take down Doki, which was "impossible" without knowing the wallet's private keys.
They used the Doki service to determine and change the URL of the command-and-control server it needed to connect to for new instructions.
When the above was fully executed, the Ngrok gang could change Doki's command servers by making a single transaction from within a Dogecoin wallet they controlled.
Dogecoin and Doki only served as an access bridge, as ZDNet.
Intezer said Doki has been active since this January but remained undetected by all 60 "VirusTotal" scanning engines used on Linux servers.
Dogecoin is now being used by crypto hackers after TikTok boom
published on Aug 1, 2020
by Cryptoslate | published on Coinage