
Malware used the Dogecoin blockchain to covertly mine cryptocurrency
Attackers developed malware that uses the Dogecoin blockchain to attack cloud servers and then covertly mine cryptocurrency, Intezer researchers report.
Intezer Protect detected advanced Doki malware infecting Docker cloud servers. Read the full article here: https://t.co/1q3Oi0l4D2
Demo the platform at #BHUSA https://t.co/8CQ1KzJLtd pic.twitter.com/DYt7jCYG2U
— Intezer (@IntezerLabs) July 30, 2020
Hackers installed the Doki backdoor on Docker servers running Linux. The malware was deployed via a botnet named Ngrok. Doki used the Dogecoin blockchain to create a C2 domain.
The attackers could control the address the malware would contact by transferring a certain amount of Dogecoin from their wallet, Intezer noted.
Using the Dogecoin blockchain made the malware highly resilient to actions by law enforcement and cybersecurity firms. This helped Doki remain undetected for more than six months.
Security researchers warned that such an attack is very dangerous:
“For infection, only a few hours are required from the moment a newly misconfigured Docker server connects to the network.”
Earlier, Cisco Talos researchers identified a botnet that harnessed users' computer systems to mine Monero.