Dogecoin, gateway for cryptojacking
According to a report by Intezer Labs cybersecurity researchers, Doki is a backdoor that uses the Dogecoin (DOGE) blockchain “in a unique way” in order to target web servers.
As with other malware of this type, Doki’s main objective is to obtain full control of a machine in order to run cryptojacking operations that parasitize its resources.
Doki targets in particular Docker servers that run on Linux. It is spread by the Ngrok Mining Botnet, an operation that targets Docker servers exposed on AWS, Azure and other platforms.
“Doki uses a hitherto undocumented method to contact its operator by uniquely exploiting the Dogecoin blockchain in order to dynamically generate its C2 domain address,” Intezer Labs specifies in its report.
Once installed on a system, the malware is able to execute code received from its operators. It uses the DynDNS service and a unique domain generation algorithm (DGA), which allows the random generation of subdomain names.
These subdomains are then used by Doki to search for other vulnerable servers within the victim’s network, which makes its deployment very fast:
“With this technique, the attacker controls the address that the malware will contact by transferring a specific amount of Dogecoin from their wallet. As only the attacker has control of the wallet, only he can control when and how much Dogecoin to transfer, and therefore change domain accordingly,” the researchers add.
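A defender-side way to hunt for the behaviour described above, as an added example that is not from the Intezer Labs report or the original article: it flags hosts that look up blockchain data and then resolve a dynamic-DNS subdomain shortly afterwards. The domain suffixes are placeholders, the log format and five-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumed placeholder suffixes; substitute your own lists. Not IoCs from the report.
EXPLORER_SUFFIXES = ("blockexplorer.example",)    # blockchain lookup services
DYNDNS_SUFFIXES = ("dyndns-provider.example",)    # dynamic-DNS zones
WINDOW = timedelta(minutes=5)                     # assumed correlation window

# Constructed DNS query log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2020-07-28T10:00:01 10.0.0.5 api.blockexplorer.example
2020-07-28T10:00:03 10.0.0.5 6d77335c4f23.dyndns-provider.example
2020-07-28T10:01:00 10.0.0.7 www.example.org
2020-07-28T10:02:00 10.0.0.7 homecam.dyndns-provider.example
2020-07-28T10:03:00 10.0.0.9 api.blockexplorer.example
2020-07-28T11:30:00 10.0.0.9 a91f03bb72c1.dyndns-provider.example
"""

def matches(name, suffixes):
    """True if name equals a suffix or is a subdomain of it."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def parse(log):
    """Yield (timestamp, client, query), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_suspects(log, window=WINDOW):
    """Hosts that resolved a dynamic-DNS name within `window` of a blockchain lookup."""
    last_lookup = {}   # client -> time of most recent explorer query
    hits = []
    for ts, client, query in sorted(parse(log)):
        if matches(query, EXPLORER_SUFFIXES):
            last_lookup[client] = ts
        elif matches(query, DYNDNS_SUFFIXES):
            seen = last_lookup.get(client)
            if seen is not None and ts - seen <= window:
                hits.append((client, query, ts.isoformat()))
    return hits

if __name__ == "__main__":
    for client, query, when in find_suspects(SAMPLE_LOG):
        print(f"{when} {client} resolved {query} after a blockchain lookup")
```

On a server fleet, a hit is worth triage mainly when the client is a container host that has no business reason to read blockchain data or use dynamic DNS.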
Very virulent malware
In its report, Intezer Labs points out that Doki represents a great threat:
“Our observations show that it only takes a few hours from the time a new, misconfigured Docker server is online to be infected with this campaign.”
Doki has been operational for more than six months, researchers say, and even the best antivirus software is still unable to detect it.
The new malware has not been detected by any of VirusTotal's 60 malware detection engines since it was first scanned on January 14, 2020.
Dogecoin’s time in the spotlight did not end with its viral run on TikTok or Elon Musk’s many tweets about it. After this favorable publicity, Dogecoin is now becoming an essential tool for hackers, which could ultimately damage the image of the famous altcoin.
About the Author: Clément Wardzala
Since 2017, I have been interested in Bitcoin, cryptocurrencies and associated blockchain technology. I firmly believe in these technological innovations and that they are already revolutionizing many sectors.