The Dogecoin blockchain isn’t used for any dApps, smart contracts, or DeFi solutions. Criminals, however, are using it to deliver a new cryptojacking scheme and Linux-based malware. Docker servers around the world are at risk of an impending attack.
A Different Use for Dogecoin
Over the past few years, there have been numerous iterations of malware, ransomware, and cryptojacking efforts. More often than not, criminals will try to steal computer resources to mine cryptocurrencies such as Monero. It is rare for a crypto blockchain to be used to deliver the malware in question.
That situation is now changing. A new Docker container attack has been identified by security researchers this week. It leverages the Dogecoin blockchain to create dynamic C2 domains. The Linux-based malware, dubbed Doki, will execute malicious code on target computers and networks.
Further research has confirmed that Doki has been in circulation for at least six months. It had gone virtually undetected until recently. That is surprising, given that Doki establishes its C2 server connection by querying the Dogechain.info API.
Using a block explorer for Dogecoin to make this connection is rather unique. It shows that there are a lot of use cases for this technology, although this is not one people would like to see. Through the block explorer, the malware looks for a value sent out from a Dogecoin wallet address controlled by the attacker(s). Once the value is retrieved, it is hashed and transformed into a subdomain.
Docker Servers Are at Risk
By purposefully going after Docker servers, the criminals clearly have a plan in mind. Docker environments with misconfigured API ports will be vulnerable to this method of attack for some time to come. Once the attackers gain access, they will begin installing compromised containers and wreak all kinds of havoc.
Surprisingly, these malware-containing images are found on Docker Hub itself. This ensures the criminals don’t need to hide them all that well. Ultimately, the environment will become part of a botnet and begin mining cryptocurrency on behalf of the culprit.
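For administrators who want to check their own hosts for the misconfigured API ports mentioned above, here is an added example (not part of the original article or of any research it cites) that audits a Docker `daemon.json` for TCP listeners lacking client-certificate authentication. The function name, the sample configurations, and the file paths inside them are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_daemon_config(cfg):
    """Return findings for TCP API listeners declared in a daemon.json dict."""
    findings = []
    # Only tlsverify makes dockerd demand a client certificate;
    # "tls": true alone encrypts the channel but authenticates nobody.
    client_auth = cfg.get("tlsverify") is True
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local sockets
        addr = parts.hostname or "0.0.0.0"  # tcp://:2375 binds all interfaces
        remote = addr not in LOOPBACK
        if not client_auth:
            level = "CRITICAL" if remote else "WARN"
            findings.append(f"{level}: {host} accepts API calls without client-certificate auth")
        elif remote:
            findings.append(f"INFO: {host} is network-reachable; limit it to admin hosts by firewall")
    return findings

# Constructed sample configurations (not taken from any real host).
EXPOSED = json.loads('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}')
HARDENED = json.loads('''{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}''')

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_daemon_config(cfg) or "no TCP listeners")
```

Listeners passed to `dockerd` with `-H` on the command line do not appear in `daemon.json`, so the service unit or startup script needs the same review.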