Criminals Leverage the Dogecoin Blockchain to Infect Vulnerable Docker Servers With Malware


The Dogecoin blockchain isn’t used for dApps, smart contracts, or DeFi solutions. Criminals, however, are using it to deliver a new cryptojacking scheme and Linux-based malware. Docker servers around the world are at risk of attack.

A Different Use for Dogecoin

Over the past few years, there have been numerous iterations of malware, ransomware, and cryptojacking efforts. More often than not, criminals try to steal computer resources to mine cryptocurrencies such as Monero. It is rare, however, for a blockchain itself to be used to deliver the malware in question.

That situation is now changing. Security researchers identified a new Docker container attack this week. It leverages the Dogecoin blockchain to create dynamic C2 domains. The Linux-based malware, dubbed Doki, executes malicious code on target computers and networks.

Further research has confirmed that Doki has been in circulation for at least six months, going virtually undetected until recently. That is surprising, given that Doki establishes its C2 server connection by querying a Dogecoin block explorer’s API.

Using a Dogecoin block explorer to make this connection is rather unusual. It shows that there are many use cases for this technology, albeit not the ones people would like to see. Through the block explorer, the malware looks for a value sent out from a Dogecoin wallet address controlled by the attacker(s). Once the value is retrieved, it is hashed and transformed into a subdomain, which means the operators can rotate the C2 domain simply by sending a new transaction, without touching the infected hosts.

Docker Servers Are at Risk

By purposefully going after Docker servers, the criminals clearly have a plan in mind. Docker environments with misconfigured API ports will be vulnerable to this method of attack for some time to come. Once the attackers gain access, they install compromised containers and wreak all kinds of havoc.
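The misconfiguration referred to here is a Docker daemon whose API is bound to a TCP socket with no TLS client authentication, so anyone who can reach the port can start containers. The following Python script is an added example, not code from the article or from any vendor report; it audits a daemon.json against that condition. The two configuration documents, the 10.0.0.5 management address and the certificate paths are constructed for illustration; the `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are the real Docker daemon configuration keys.

```python
import json

# Constructed daemon.json examples (not taken from the article). The first
# exposes the Docker API over plain TCP on every interface; the second binds
# it to a management address and requires mutual TLS.
EXPOSED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",          # constructed path
    "tlscert": "/etc/docker/server-cert.pem",   # constructed path
    "tlskey": "/etc/docker/server-key.pem",     # constructed path
})


def audit_daemon_config(config_text: str) -> list[str]:
    """Return findings for a Docker daemon.json document.

    An empty list means the API is either not reachable over the network
    at all (Unix socket only) or is protected by TLS client verification
    and not bound to every interface.
    """
    cfg = json.loads(config_text)
    findings = []

    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # Unix socket only: no network exposure to audit

    if not cfg.get("tlsverify"):
        findings.append(
            f"API bound on {tcp_hosts} without tlsverify: any client that can "
            "reach the port can create containers with root on the host"
        )
    else:
        # tlsverify without the certificate material makes the daemon refuse
        # to start, so flag a half-finished hardening attempt as well.
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify is set but {key} is missing")

    for host in tcp_hosts:
        if host.startswith("tcp://0.0.0.0:") or host.startswith("tcp://[::]:"):
            findings.append(
                f"{host} listens on all interfaces; bind it to a management "
                "address or restrict the port with a firewall"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_daemon_config(cfg) or ['no findings']}")
```

On a live host, read `/etc/docker/daemon.json` into `audit_daemon_config` and also confirm with `ss -ltnp` that nothing is listening on 2375, since the daemon can be given `-H tcp://...` on its command line instead of through daemon.json.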

Surprisingly, these malware-containing images are hosted on Docker Hub itself, so the criminals don’t need to hide them all that well. Ultimately the environment becomes part of a botnet and begins mining cryptocurrency on behalf of the culprits.
