Dogecoin is now being used by crypto hackers after TikTok boom

Published by Cryptoslate

Intezer Labs, a New York-based malware analysis and detection firm, found that attackers using the "Doki" backdoor have been using Dogecoin wallets to conceal their command-and-control infrastructure.

An attacker who goes by Ngrok had devised a method of using Dogecoin wallets when infiltrating web servers, the firm noted.

Intezer Labs found that Doki used a previously undocumented method to contact its operator: it abuses the Dogecoin blockchain in a unique way to dynamically generate its command-and-control (C&C) domain addresses.

Using Dogecoin transactions allowed the attackers to alter these C&C addresses on any affected computers or servers running Ngrok's Monero mining bots.

"While some malware strains connect to raw IP addresses or hardcoded URLs included in their source code, Doki used a dynamic algorithm to determine the control and command address using the Dogecoin API."

The firm added that this design meant security firms would need access to the attackers' Dogecoin wallet to take down Doki, which was "impossible" without knowing the wallet's private keys.

The attackers used Doki to determine and change the URL of the command-and-control server to which it needed to connect for new instructions.

Once this was in place, the Ngrok group could change Doki's command servers by making a single transaction from a Dogecoin wallet they controlled.
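Because the C&C address cannot be sinkholed without the wallet's private keys, the observable artifact a defender can act on is the blockchain lookup itself. As an added example (not code from the article or from Intezer's report), the following Python flags hosts that repeatedly query public blockchain-explorer APIs in an egress proxy log; the log format, the watchlisted hostnames and the sample lines are all constructed assumptions for this example.

```python
import re
from collections import defaultdict

# Constructed watchlist of public blockchain-explorer API hosts that a server
# workload normally has no reason to query. This is an assumption for the
# example, not an indicator list taken from the Intezer report.
EXPLORER_API_HOSTS = {
    "dogechain.info",
    "sochain.com",
    "blockchair.com",
}

# Assumed egress proxy log format (constructed for this example):
# <epoch> <src_ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

def host_of(url: str) -> str:
    # Extract the host from a URL, dropping scheme, port and path.
    m = re.match(r"^[a-z]+://([^/:]+)", url)
    return m.group(1).lower() if m else ""

def find_explorer_beacons(lines, min_hits=2):
    """Return {src_ip: [urls]} for sources that query an explorer API at least
    min_hits times; repeated re-resolution looks like polling, not a one-off."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        host = host_of(m["url"])
        # match the watchlisted host itself or any subdomain of it
        if any(host == h or host.endswith("." + h) for h in EXPLORER_API_HOSTS):
            hits[m["src"]].append(m["url"])
    return {src: urls for src, urls in hits.items() if len(urls) >= min_hits}

# Constructed sample log: one host polls an explorer API for a wallet's
# transactions every minute; another host makes ordinary requests.
SAMPLE_LOG = """\
1595000000 10.0.1.23 GET https://dogechain.info/api/v1/address/sent/D_PLACEHOLDER_WALLET 200
1595000060 10.0.1.23 GET https://dogechain.info/api/v1/address/sent/D_PLACEHOLDER_WALLET 200
1595000070 10.0.1.40 GET https://registry-1.docker.io/v2/ 200
1595000120 10.0.1.23 GET https://dogechain.info/api/v1/address/sent/D_PLACEHOLDER_WALLET 200
1595000130 10.0.1.40 GET https://api.dogechain.info/ 200
"""

if __name__ == "__main__":
    for src, urls in find_explorer_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src}: {len(urls)} explorer-API requests")
```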

Dogecoin and Doki only served as an access bridge, as ZDNet.

Intezer said Doki has been active since this January, but remained undetected by all 60 of VirusTotal's scanning engines for Linux servers.