Hackers are using Dogecoin, the meme-themed cryptocurrency that recently experienced a bull run thanks to TikTokers, to help grow a malware botnet.
A new backdoor called Doki is being dropped by an ongoing campaign that targets Docker hosts whose API is left exposed and unprotected on the internet. By pointing the bots at a specific Dogecoin wallet, the attackers can change the command-and-control (C2) address of the infected Linux machines at will, making it hard for anyone else to hijack, block or shut down the network.
“Recently, we have detected a new malware payload that is different from the usual cryptominers typically deployed in this attack. The malware is a fully undetected backdoor which we have named Doki,” wrote security researchers at Intezer. “Doki uses a previously undocumented method to contact its operator by abusing the Dogecoin cryptocurrency blockchain in a unique way in order to dynamically generate its C2 domain address.”
The scheme, while convoluted, is fairly ingenious. Because a botnet operator cannot afford to let anyone else seize the C2 infrastructure, the operator needs a way to hand the bots a fresh C2 address whenever the current one is blocked or taken down. Usually that address is hardcoded into the malware, or the operator updates it by hand over a remote connection. Neither approach is ideal from the operator's point of view: a hardcoded address can be pulled out of a sample and blocked or sinkholed, and reaching into each bot to update it by hand exposes infrastructure that can lead investigators back to the operator.
Doki instead watches a specific Dogecoin wallet for transactions. It reads the amount the wallet has sent, hashes that value, takes a fixed-length snippet of the hash and uses it as a subdomain, producing a domain such as “6d77335c4f23[.]ddns[.]net” that the operator can then register with the dynamic DNS provider and use to manage the infected servers. Because the input comes from a public, tamper-proof blockchain that only the holder of the wallet's keys can write to, nobody can predict what the next C2 domain will be until the operator makes the transaction. The flip side for defenders is that the wallet address and the derivation are embedded in the malware, so anyone who has analyzed a sample can monitor the same wallet and compute the current C2 domain at the same moment the bots do.
“Using this technique the attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much dogecoin to transfer, and thus switch the domain accordingly. Furthermore, since the blockchain is both immutable and decentralized, this novel method can prove to be quite resilient to both infrastructure takedowns from law enforcement and domain filtering attempts from security products,” wrote researcher Nicole Fishbein.
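As an added illustration, which is neither Doki's code nor Intezer's and is not part of the original article, the Python below walks through the derivation as Intezer documented it: read the wallet's cumulative “sent” amount from a Dogecoin block explorer, SHA-256 it, keep the first 12 hex characters and append ddns.net. The wallet address, the explorer replies and the DNS log lines are constructed for the example and the lookup is offline; the `triage` function shows the defender-side use of the same algorithm against a DNS query log.

```python
import hashlib
import json
import re

# Constructed wallet address for this example; not the wallet hardcoded in Doki.
WALLET = "DExampleWalletConstructedForThisDemo00000"
DYNAMIC_DNS_SUFFIX = "ddns.net"

# Constructed stand-ins for the block explorer's JSON reply to
# /api/v1/address/sent/<wallet>, captured before and after the operator
# sends a small amount of Dogecoin out of the wallet. The real malware
# fetches this over HTTPS; here the lookup is offline.
EXPLORER_BEFORE = json.dumps({"sent": "1000.00000000", "success": 1})
EXPLORER_AFTER = json.dumps({"sent": "1000.12345678", "success": 1})


def sent_total(explorer_body: str) -> str:
    """Pull the wallet's cumulative 'sent' amount out of the explorer reply."""
    data = json.loads(explorer_body)
    if data.get("success") != 1 or "sent" not in data:
        raise ValueError("explorer reply did not contain a 'sent' total")
    # Keep the amount as a string so the hash covers the exact text read back
    # (an assumption about the original's representation of the value).
    return str(data["sent"])


def c2_domain(total: str) -> str:
    """Derive the C2 hostname: SHA-256 of the sent total, first 12 hex chars, under ddns.net."""
    subdomain = hashlib.sha256(total.encode("utf-8")).hexdigest()[:12]
    return f"{subdomain}.{DYNAMIC_DNS_SUFFIX}"


# Any 12-hex-character label directly under the dynamic DNS suffix has the
# right shape; only one of them is the live C2 for the wallet's current state.
DOKI_SHAPE = re.compile(r"^[0-9a-f]{12}\." + re.escape(DYNAMIC_DNS_SUFFIX) + r"$")


def build_sample_log() -> list:
    """Constructed DNS query log, one '<timestamp> <client> <qtype> <qname>' per line."""
    live = c2_domain(sent_total(EXPLORER_AFTER))
    return [
        f"2020-07-28T10:01:02Z 10.0.0.5 A {live}",
        "2020-07-28T10:01:03Z 10.0.0.5 A api.dogechain.info",
        "2020-07-28T10:02:11Z 10.0.0.9 A 0123456789ab.ddns.net",
        "2020-07-28T10:03:00Z 10.0.0.7 A example.com",
    ]


def triage(log_lines, explorer_body: str):
    """Defender-side use of the same derivation.

    Returns (expected_domain, exact_hits, shape_hits): the lines whose qname
    equals the domain the bots would derive right now, and the lines that
    merely look like a Doki-style hostname (a weaker signal worth a second look).
    """
    expected = c2_domain(sent_total(explorer_body))
    exact_hits, shape_hits = [], []
    for line in log_lines:
        qname = line.split()[-1].rstrip(".").lower()
        if qname == expected:
            exact_hits.append(line)
        elif DOKI_SHAPE.match(qname):
            shape_hits.append(line)
    return expected, exact_hits, shape_hits


if __name__ == "__main__":
    log = build_sample_log()
    expected, exact, shape = triage(log, EXPLORER_AFTER)
    print("live C2 domain:", expected)
    print("exact hits:", exact)
    print("shape-only hits:", shape)
    # A stale wallet snapshot derives the previous domain, so the live C2 is
    # missed and only shows up as a shape match: always re-query the wallet.
    stale_expected, stale_exact, _ = triage(log, EXPLORER_BEFORE)
    print("stale domain:", stale_expected, "exact hits:", stale_exact)
```

The point of `triage` is that the operator's transaction changes the domain for everyone at once: computed from the latest wallet state it yields an exact match on the live C2, while computed from an older snapshot the same log shows no exact hit and the live domain drops to a shape-only match, which is why a detection built on this derivation has to re-read the wallet rather than cache a domain.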
It just goes to show that the blockchain is good for something: crime!