Dogecoin API Used by Cybercriminals to Stealthily Mine Cryptocurrency

News
Tue, 07/28/2020 - 15:59
Alex Dovbnya
The Dogecoin API was exploited to infect Docker servers with undetectable Linux malware

According to a recent report published by cybersecurity firm Intezer Labs, the Dogecoin API was abused by hackers to plant an undetected backdoor called "Doki" on Docker servers running on Linux.

Like other backdoor trojans, its main goal was to gain complete control of the host in order to run cryptojacking operations undisturbed.

A unique method

Cryptojacking refers to the practice of gaining unauthorized access to someone's computer in order to stealthily mine cryptocurrency with the help of a malware component that evades detection.

This time around, the attackers relied on the API of dogechain.info, the most popular DOGE block explorer, to generate the malware's command-and-control (C2) domain.

The malware locates these domains automatically with a "unique" domain generation algorithm (DGA) based on Dogecoin:

Using this technique the attacker controls which address the malware will contact by transferring a specific amount of Dogecoin from his or her wallet. Since only the attacker has control over the wallet, only he can control when and how much dogecoin to transfer, and thus switch the domain accordingly.

Doki had been up and running for over half a year, and even the best antivirus software is still unable to detect it:

The malware is a fully undetected backdoor. It has managed to stay undetected for over six months despite having been uploaded to VirusTotal on January 14, 2020 and scanned multiple times since.


Cryptojackers continue to thrive

Docker servers have recently become a popular target for cybercriminals, but this is the first known instance in which Dogecoin is involved.

As reported by U.Today, the privacy coin Monero (XMR) is regarded as the darling of cryptojackers, with close to four percent of the coin's supply estimated to have been mined by them.

Back in May, it was revealed that Microsoft SQL database servers had been infected to illegally mine XMR.

About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry, from price analysis to blockchain disruption. Alex has authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He is particularly interested in regulatory trends around the globe that are shaping the future of digital assets, and can be contacted at alex.dovbnya@u.today.

