Dogecoin’s moment didn’t end with TikTok or Elon Musk. Instead, hackers started using the cryptocurrency to control mining malware.
Dogecoin is being used by hackers to control Monero mining malware on Linux operating systems, security firm Intezer Labs said yesterday.
When Intezer Labs was analyzing a relatively new backdoor Trojan virus, called Doki, it discovered that a former attacker was using it to target public web servers with mining malware.
But there was a fundamental difference. The company found that the hacker had discovered a new method for using Dogecoin wallets to infiltrate web servers, the first such use for the meme currency.
“Doki uses an undocumented method to contact its operator, abusing the Dogecoin cryptocurrency blockchain in a unique way, in order to dynamically generate its C2 domain address,” said Intezer Labs in its report.
The attackers used command and control (C2) servers for this attack. C2 servers are used to organize and control compromised systems on a target network, which can include smartphones, PCs and any other device connected to the Internet.
Using Dogecoin transactions, attackers were able to change C2 addresses on exposed computers running their Monero mining bots. This allowed them to continually change their online location, which in turn allowed them to carry out the attack without being caught by the police.
So, why use this method? According to Intezer, these measures mean that security companies need to access the hacker’s Dogecoin wallet to take down Doki, which is “impossible” without knowing the wallet’s private keys.
And it seems to have worked well so far. Intezer said that Doki has been active since January this year, but remains undetected by all 60 “VirusTotal” scanning engines used on Linux servers.
The attack is still active. Intezer Labs noted that, in recent months, Docker servers have been increasingly targeted by malware operators and “especially by cryptocurrency mining groups”.
One way to prevent exposure to the Ngrok botnet is to ensure that critical APIs (application programming interfaces) are not connected to the Internet.
As for Dogecoin, from going viral on TikTok to being endorsed by Elon Musk, and now being an essential tool for hackers, is there anything this coin will not be recognized for?
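One way to check a Docker host for the exposure described above, as an added example that is not from Intezer's report or the original article. It assumes the API in question is the Docker daemon's remote API, configured through the `hosts` and `tlsverify` keys of `/etc/docker/daemon.json`; the sample configuration is constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json: one socket, one loopback bind, one wildcard bind.
SAMPLE = """{"hosts": ["unix:///var/run/docker.sock",
                       "tcp://127.0.0.1:2375",
                       "tcp://0.0.0.0:2375"]}"""


def classify_listener(host: str, tls_verify: bool) -> str:
    """Classify one dockerd listener: local, loopback, mutual-tls or exposed."""
    if host.startswith(("unix://", "fd://")):
        return "local"                  # socket file or systemd socket, not a network port
    name = urlsplit(host).hostname      # handles tcp://1.2.3.4:2375 and tcp://[::1]:2375
    if name == "localhost":
        return "loopback"
    try:
        if name and ipaddress.ip_address(name).is_loopback:
            return "loopback"
    except ValueError:
        pass                            # a DNS name may resolve to a routable interface
    # Any other bind (including one with no host given, treated as exposed to be
    # safe) is reachable over the network; only client-certificate verification
    # stands between a remote caller and control of the daemon.
    return "mutual-tls" if tls_verify else "exposed"


def audit_daemon_config(text: str) -> list[tuple[str, str]]:
    """Return (listener, verdict) pairs for the contents of a daemon.json file."""
    cfg = json.loads(text)
    tls_verify = bool(cfg.get("tlsverify", False))
    # With no "hosts" key, dockerd on Linux listens only on its Unix socket.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    return [(h, classify_listener(h, tls_verify)) for h in hosts]


if __name__ == "__main__":
    for listener, verdict in audit_daemon_config(SAMPLE):
        print(f"{verdict:10} {listener}")
```

Listeners passed on the `dockerd` command line with `-H` do not appear in `daemon.json` and need the same check.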