
The botnet uses crypto blockchain to deliver Doki backdoor

Organizations have moved more of their business infrastructure off-premises lately. As a result, cybercriminals have increasingly targeted Linux-based cloud environments, such as Docker servers with misconfigured API ports.

Many of these campaigns rely on more conventional varieties of Linux-based malware. However, researchers recently discovered a Docker container attack that distributes a previously undetected backdoor which abuses the Dogecoin blockchain for dynamic C2 domain generation.

The backdoor, dubbed Doki, is designed to execute commands sent by its operators. According to researchers from Intezer, it had gone unnoticed for more than six months.

Doki establishes C2 communication by querying the dogechain.info API for the value sent out from a hardcoded wallet address that the attacker controls. That value is then hashed and converted into a subdomain, which is appended to ddns.net to form the C2 address.

Intezer explained that, using this technique, the attacker controls which address the malware will contact by transferring Dogecoin from his/her wallet.

Since the attacker alone controls the wallet, only they can decide when and how much Dogecoin to transfer. The blockchain-based technique also makes the C2 infrastructure resilient to law enforcement takedowns and domain filtering, because no domain needs to be registered in advance.
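The behaviour described above leaves a recognisable footprint in DNS telemetry: a host first contacts a blockchain explorer API and shortly afterwards resolves a hash-like label under a dynamic-DNS suffix. The following detection logic is an added example (not code from the article or from Intezer) that correlates those two signals over a few constructed DNS log lines; the log format, the client addresses and the hostnames are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample DNS query log in the form "timestamp client_ip qname".
# These are not real observations; 10.0.0.5 is the hypothetical infected host.
SAMPLE_DNS_LOG = """\
2020-07-28T10:00:01Z 10.0.0.5 registry-1.docker.io
2020-07-28T10:00:03Z 10.0.0.5 dogechain.info
2020-07-28T10:00:04Z 10.0.0.5 6d4c9a1f2b3e.ddns.net
2020-07-28T10:05:10Z 10.0.0.7 mail.example.com
2020-07-28T10:06:11Z 10.0.0.7 myhome-nas.ddns.net
2020-07-28T10:07:12Z 10.0.0.9 dogechain.info
"""

HEX_LABEL = re.compile(r"^[0-9a-f]{8,64}$")  # a hostname label that looks like a hash
BLOCKCHAIN_API_HOSTS = {"dogechain.info"}    # explorer API named in the article
DYNDNS_SUFFIX = ".ddns.net"                  # dynamic DNS suffix named in the article


def parse_dns_log(text):
    """Parse whitespace-separated log lines into (timestamp, client, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        records.append((ts, client, qname.lower().rstrip(".")))
    return records


def is_hashlike_dyndns(qname):
    """True when the query is <hex-looking label>.ddns.net, e.g. a Doki-style C2 name."""
    if not qname.endswith(DYNDNS_SUFFIX):
        return False
    label = qname[: -len(DYNDNS_SUFFIX)]
    return bool(HEX_LABEL.match(label))


def find_doki_like_hosts(records):
    """Return clients that both queried a blockchain explorer API and resolved a
    hash-like dynamic-DNS name. Either signal alone is noisy; the combination is
    what matches the C2 bootstrap sequence described in the article."""
    api_clients = defaultdict(list)
    dyn_clients = defaultdict(list)
    for _ts, client, qname in records:
        if qname in BLOCKCHAIN_API_HOSTS:
            api_clients[client].append(qname)
        elif is_hashlike_dyndns(qname):
            dyn_clients[client].append(qname)
    flagged = {}
    for client in api_clients.keys() & dyn_clients.keys():
        flagged[client] = {
            "api_lookups": api_clients[client],
            "c2_candidates": dyn_clients[client],
        }
    return flagged


if __name__ == "__main__":
    for client, detail in find_doki_like_hosts(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(client, detail)
```

Only the host that shows both behaviours is flagged; the home NAS on a dynamic-DNS name and the host that merely browsed dogechain.info are left alone. In production the two lookups would also be required to fall within a short time window of each other, which the sample omits for brevity.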


According to the report, the campaign is the work of the actors behind the Ngrok botnet, which typically infects victims with cryptominers.

The evidence shows that once a new misconfigured Docker server comes online, it takes only a few hours for this campaign to infect it.


How does the botnet operate?

The botnet's operators scan for publicly accessible, misconfigured Docker API ports and use them to compromise their victims. They then create their own malware-serving containers on the host, based on widely used images available on Docker Hub.

The attackers don't need to upload and hide a malicious image of their own on Docker Hub, which is a big advantage for them. Instead, they pull an existing, legitimate image and run their malware and logic on top of it.
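The precondition for the whole attack is a Docker daemon whose API is reachable over the network without authentication. The following audit routine is an added example (not code from the article, Intezer or the Docker project) that reads a daemon.json, flags TCP listeners that lack TLS client verification, and shows the weak configuration next to a corrected one. The file contents, certificate paths and port numbers below are constructed for the demonstration; the `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are standard daemon.json settings.

```python
import json
from urllib.parse import urlsplit

# Constructed daemon.json contents. The weak one exposes the API on every interface
# with no authentication, which is exactly the misconfiguration the campaign scans for.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
})

# Corrected configuration: TLS with client certificate verification on the TLS port.
# Certificate paths are placeholders.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_docker_daemon(config_text):
    """Return a list of (severity, message) findings for the TCP listeners in a daemon.json."""
    cfg = json.loads(config_text)
    # Client certificate verification is only effective when all three material paths are set.
    tls_client_auth = cfg.get("tlsverify") is True and all(
        key in cfg for key in ("tlscacert", "tlscert", "tlskey")
    )
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix sockets are local-only and out of scope here
        bind_addr = urlsplit(host).hostname or ""
        on_all_interfaces = bind_addr in ("", "0.0.0.0", "::")
        if not tls_client_auth and on_all_interfaces:
            findings.append(("critical", f"{host}: unauthenticated Docker API reachable from any network"))
        elif not tls_client_auth:
            findings.append(("high", f"{host}: Docker API listener without TLS client verification"))
        elif on_all_interfaces:
            findings.append(("info", f"{host}: TLS-protected API on all interfaces; restrict reachability with a firewall"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(text))
```

Running the audit against the real `/etc/docker/daemon.json` on each host (or against the `-H` flags in the dockerd service unit, which this example does not parse) gives a quick inventory of which daemons would answer an unauthenticated scan. Anything reported as critical should be taken off the network or put behind TLS client authentication before it is found by a scanner like the one this campaign uses.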
