A report published on July 28 by the cybersecurity firm Intezer states that hackers are now using the TikTok meme cryptocurrency Dogecoin to control cryptojacking malware on the Linux operating system. According to the firm, researchers were studying a new backdoor Trojan named Doki when they discovered an attacker using it to control the mining of the privacy coin Monero on public servers.
However, the firm noted a vital distinction in this cryptojacking malware: the attacker had found an alternative way to penetrate internet servers using Dogecoin wallets. Notably, this is the first reported use of the cryptocurrency for such a purpose.
Hackers take control of C2 servers to mask location
In the study, the firm notes that the Trojan uses a previously unreported method to communicate with its operator, taking advantage of the Dogecoin blockchain network. Furthermore, Intezer highlights that the hacker, known as Ngrok, used command and control (C2) servers to deploy the cryptojacking malware. Such servers can be used to control infiltrated devices within a target network, such as mobile devices, laptops, tablets, PCs, or any other gadget that connects to the internet.
The attacker used Dogecoin transactions to change the C2 addresses that the cryptojacking malware on compromised systems contacts. Control over the C2 servers let the hackers continually shift their digital whereabouts and run their illegal Monero mining operation without being caught by the authorities.
Why use Dogecoin to deploy cryptojacking malware?
According to Intezer, the point of this design is that security companies would first need access to the attackers' Dogecoin wallet before they could neutralize Doki, and accessing that wallet without the private key is impossible. The scheme appears to be working so far: the firm says the malware has been operational since the beginning of the year, and the study notes that the cryptojacking malware went unnoticed all that time by a total of 60 malware scanners used on Linux servers.
The Trojan is currently active, according to Intezer. Moreover, the firm notes that cryptojacking malware operators have been targeting Docker servers for the last couple of months. To avoid infection by the Ngrok cryptojacking malware, make sure critical application programming interfaces (APIs) are not exposed to the internet.
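As an added illustration of that last recommendation (example code written here, not from Intezer's report or this article): a small Python audit that parses a dockerd command line and a daemon.json for tcp:// listeners bound to non-loopback addresses, which is how the Docker API ends up reachable from the internet. The sample inputs are constructed; the -H/--host flags and the daemon.json "hosts" key are real Docker options, and treating a tcp:// entry with no host part as exposed is an assumption made here.

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the article): a dockerd command line and a
# daemon.json as they might appear on a Linux host. The audit reads these strings, so it
# runs offline; on a real host you would feed it /proc/<pid>/cmdline and /etc/docker/daemon.json.
SAMPLE_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
SAMPLE_DAEMON_JSON = '{"hosts": ["fd://", "tcp://127.0.0.1:2375"]}'

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def hosts_from_cmdline(cmdline):
    """Collect every -H / --host value from a dockerd command line."""
    args = shlex.split(cmdline)
    hosts, i = [], 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:   # -Htcp://... form
            hosts.append(arg[2:])
        i += 1
    return hosts


def hosts_from_daemon_json(text):
    """Collect the "hosts" list from daemon.json (empty list if the key is absent)."""
    return list(json.loads(text).get("hosts", []))


def exposed_tcp_listeners(hosts):
    """Return tcp:// listeners bound to a non-loopback address, i.e. reachable over the network.
    Assumption: a tcp:// entry with no host part is flagged too, since its bind is unknown."""
    exposed = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme != "tcp":
            continue                      # unix:// and fd:// sockets are local-only
        if u.hostname is None or u.hostname not in LOOPBACK:
            exposed.append(h)
    return exposed


def audit(cmdline, daemon_json):
    """Combine both config sources; any result means the Docker API is reachable from the network."""
    return exposed_tcp_listeners(hosts_from_cmdline(cmdline) + hosts_from_daemon_json(daemon_json))


if __name__ == "__main__":
    print("network-exposed Docker API listeners:", audit(SAMPLE_CMDLINE, SAMPLE_DAEMON_JSON))
```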