11-22-2024
Hackers have been exploiting the Dogecoin network to deploy a malware payload known as Doki, a new report has revealed. The report claims that the hackers have now been targeting their victims for six months but have managed to stay under the radar.

Doki is a new malware payload that the hackers have been deploying to attack Docker servers, the report by cybersecurity firm Intezer revealed. Unlike previous payloads targeting Docker servers, Doki uses the Dogecoin network to generate its C2 domain address.

Doki is a previously undetected backdoor for Linux systems that the hackers use to execute code on infected hosts. It relies on a unique domain generation algorithm based on Dogecoin, the report revealed. The malware is multi-threaded: upon execution it spawns a separate thread that handles all C2 communication.

The hackers are able to control which address the malware contacts by transferring a specific amount of Dogecoin from their digital currency wallet. By controlling the wallet, the hacker is able to switch the domain at will.

The use of the Dogecoin blockchain has given Doki an edge over other malware payloads, the report claimed, stating, “Since the blockchain is both immutable and decentralized, this novel method can prove to be quite resilient to both infrastructure takedowns from law enforcement and domain filtering attempts from security products.”

Doki is deployed through the Ngrok botnet. This highly effective botnet has been in operation for over two years now. It targets misconfigured Docker API ports and infects them within a few hours.
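The misconfiguration Ngrok looks for is a Docker daemon whose API is reachable over plain TCP without client-certificate authentication. As an added example (not code from the article or from Intezer), the following Python script audits a `daemon.json` or a `dockerd` command line for such listeners and flags them. The sample configurations and the `10.0.0.5` address are constructed for the demonstration; the `hosts`, `tlsverify` and `tlscacert` keys are the real `daemon.json` settings.

```python
"""Audit Docker daemon settings for an API listener reachable over plain TCP.

Added example for this article; the two sample configurations below are constructed.
"""
import json
import shlex
from urllib.parse import urlsplit

# Bind addresses that expose the listener on every interface.
WILDCARD_HOSTS = {"", "0.0.0.0", "::"}


def _tcp_findings(hosts, tls_verify):
    """Return (severity, message) pairs for each tcp:// listener in `hosts`.

    `tls_verify` is True when the daemon requires client certificates (tlsverify),
    which is what turns a remote API listener from an open door into an authenticated one.
    """
    findings = []
    for spec in hosts:
        parts = urlsplit(spec)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local-only and not what the botnet scans for
        bind = parts.hostname or ""
        # dockerd's documented defaults when no port is given: 2375 plain, 2376 with TLS
        port = parts.port if parts.port else (2376 if tls_verify else 2375)
        exposure = "all interfaces" if bind in WILDCARD_HOSTS else bind
        if tls_verify:
            findings.append(("INFO", f"TCP API on {exposure}:{port} requires client certificates"))
        else:
            findings.append(("HIGH", f"unauthenticated Docker API on {exposure}:{port}"))
    return findings


def audit_daemon_json(text):
    """Audit the contents of /etc/docker/daemon.json (passed as a string)."""
    cfg = json.loads(text)
    return _tcp_findings(cfg.get("hosts", []), bool(cfg.get("tlsverify", False)))


def audit_dockerd_cmdline(cmdline):
    """Audit a dockerd command line, e.g. from a systemd unit or `ps` output."""
    argv = shlex.split(cmdline)
    hosts, tls_verify = [], False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("--host=") or arg.startswith("-H="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        i += 1
    return _tcp_findings(hosts, tls_verify)


# Constructed samples: the first is the pattern the botnet exploits, the second the hardened form.
EXPOSED_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}'
)
EXPOSED_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"

if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        for severity, message in audit_daemon_json(text):
            print(f"[{severity}] {label}: {message}")
    for severity, message in audit_dockerd_cmdline(EXPOSED_CMDLINE):
        print(f"[{severity}] cmdline: {message}")
```

The script reports only what the configuration says; a listener bound to a private address but reachable through a permissive cloud security group is still exposed, so pair this check with a firewall or security-group review.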

Doki has been quite elusive, going for over six months undetected, the report states. This is despite having been uploaded to VirusTotal, a cyber-threat aggregation and analysis platform, on January 14 this year and being scanned multiple times since.

Intezer urged all companies owning container servers in the cloud to fix their configuration to prevent exposure.

Doki isn’t the first malware to exploit a blockchain. In September 2019, Trend Micro discovered that the Glupteba malware was using the BTC blockchain to keep itself alive. If a command and control (C&C) server was shut down, the hackers simply sent a BTC transaction with a new C&C server coded into the OP_RETURN field.
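Because an OP_RETURN output is readable by anyone who can parse the transaction, the same property that makes it a resilient C&C channel also makes it monitorable. As an added example (not code from the article, Trend Micro or Intezer), the following Python script parses the outputs of a raw Bitcoin transaction and extracts every OP_RETURN payload, which is the data a defender would feed into a watch list. The sample transaction and its `c2.example.net` payload are constructed inline; the parser itself works on any raw transaction hex.

```python
"""Extract OP_RETURN payloads from a raw Bitcoin transaction (legacy or segwit serialization).

Added example for this article; the sample transaction is constructed by build_sample_tx().
"""
import hashlib
import struct

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D


def read_varint(buf, pos):
    """Bitcoin CompactSize integer (1, 3, 5 or 9 bytes). Returns (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def parse_outputs(raw):
    """Walk version, inputs and outputs; return a list of (value_in_satoshi, scriptPubKey)."""
    pos = 4  # 4-byte little-endian version
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:
        pos += 2  # segwit marker + flag; witness data sits after the outputs, so it is never reached
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 36  # previous txid (32) + output index (4)
        script_len, pos = read_varint(raw, pos)
        pos += script_len + 4  # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        script_len, pos = read_varint(raw, pos)
        outputs.append((value, raw[pos:pos + script_len]))
        pos += script_len
    return outputs


def op_return_payload(script):
    """Bytes pushed after OP_RETURN, or None when the script is not an OP_RETURN output."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    op, pos = script[1], 2
    if op <= 75:                  # direct push: the opcode itself is the byte count (OP_0 pushes nothing)
        n = op
    elif op == OP_PUSHDATA1:
        n, pos = script[2], 3
    elif op == OP_PUSHDATA2:
        n, pos = int.from_bytes(script[2:4], "little"), 4
    else:
        return b""                # OP_1..OP_16 or a non-push opcode: no embedded data
    return script[pos:pos + n]


def op_return_payloads(raw_hex):
    """All OP_RETURN payloads in one transaction, in output order."""
    raw = bytes.fromhex(raw_hex)
    return [p for _, s in parse_outputs(raw) if (p := op_return_payload(s)) is not None]


def txid(raw):
    """Double SHA-256 of a legacy serialization, displayed byte-reversed (segwit needs the witness stripped first)."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()


def build_sample_tx(payload):
    """Constructed legacy transaction: one placeholder input, one P2PKH output, one OP_RETURN output."""
    assert len(payload) <= 75, "sample builder only emits direct pushes"
    tx = struct.pack("<I", 1)                         # version
    tx += b"\x01"                                     # one input
    tx += b"\x00" * 32 + b"\xff\xff\xff\xff"          # placeholder prevout
    tx += b"\x00" + b"\xff\xff\xff\xff"               # empty scriptSig, sequence
    tx += b"\x02"                                     # two outputs
    p2pkh = b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"
    tx += struct.pack("<q", 50_000) + bytes([len(p2pkh)]) + p2pkh
    op_ret = bytes([OP_RETURN, len(payload)]) + payload
    tx += struct.pack("<q", 0) + bytes([len(op_ret)]) + op_ret
    return tx + struct.pack("<I", 0)                  # locktime


if __name__ == "__main__":
    sample = build_sample_tx(b"c2.example.net")
    print("txid", txid(sample))
    for data in op_return_payloads(sample.hex()):
        print("OP_RETURN:", data.decode("ascii", "replace"))
```

In a monitoring pipeline the payloads would be matched against the wallet addresses or encodings a threat report associates with a family, rather than printed; the parser deliberately stops after the outputs so it handles both legacy and segwit serializations without decoding witness data.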
