
Botnet uses the Dogecoin blockchain to deliver the Doki backdoor

Organizations have moved more of their business infrastructure off-premises lately. As a result, cybercriminals have increasingly targeted Linux-based cloud environments, in particular Docker servers whose API ports are exposed through misconfiguration.

Some of these attacks are conventional Linux malware campaigns. However, researchers recently discovered a Docker container attack that delivers a previously undetected backdoor which abuses the Dogecoin blockchain to generate its C2 domains dynamically.

The backdoor, dubbed Doki, is designed to execute code sent by the attackers. According to researchers from Intezer, it had gone undetected for more than six months at the time of the report.

Doki establishes C2 communication by querying the dogechain.info API for the amount of Dogecoin sent from a hardcoded wallet address that the attacker controls. That value is then hashed, and part of the hash is used as a subdomain under ddns.net to form the C2 address. The resulting domain looks random, but it is fully determined by the wallet's public transaction history.

As Intezer explained, this technique lets the attacker choose which address the malware will contact simply by transferring Dogecoin from the wallet: each new outgoing transaction changes the "sent" value returned by the API and therefore the domain the malware derives from it.

Only the attacker controls the wallet, so only the attacker decides when and how much Dogecoin to transfer. Because the C2 domain is derived from public blockchain data rather than hardcoded in the sample, the technique makes law-enforcement takedowns and domain filtering harder: a defender cannot block a domain before the attacker has selected it. The flip side is that the blockchain is public, so once the wallet address is known from a sample, defenders can replay the same derivation over the wallet's history and precompute every domain Doki has used.
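The derivation described above, written out as an added example (this is not Intezer's code or Doki's own). It models the attacker side (turning the API's "sent" value into a domain) and the defender side (precomputing the domains from a known wallet's history and matching them against DNS logs). The hash function and subdomain length used here (SHA-256, first 12 hex characters of the digest) follow the published Intezer analysis but are an assumption of this example, as is the shape of the dogechain.info JSON response; the wallet history and DNS log lines are constructed.

```python
"""Added example, not from the article or from Intezer: models the Dogecoin-based
C2 domain derivation attributed to Doki and the defender-side precomputation it
makes possible. Hash function, digest length and API response shape are assumptions."""
import hashlib
import json
import re

# Assumption: Doki hashes the "sent" value with SHA-256 and keeps the first
# 12 hex characters as the subdomain under ddns.net.
SUBDOMAIN_LEN = 12
PARENT_DOMAIN = "ddns.net"

# Shape of a Doki-style domain: 12 lowercase hex chars under ddns.net.
DOKI_SHAPE_RE = re.compile(r"^[0-9a-f]{12}\.ddns\.net$")


def c2_domain_from_sent(sent_value: str) -> str:
    """Attacker side: derive the C2 domain from the API's 'sent' string.

    The exact string representation matters: hashing "150" and "150.0" gives
    different domains, so use the value as the API returns it, not a float.
    """
    digest = hashlib.sha256(sent_value.encode("utf-8")).hexdigest()
    return f"{digest[:SUBDOMAIN_LEN]}.{PARENT_DOMAIN}"


def c2_domain_from_api_response(body: str) -> str:
    """Parse a dogechain.info-style response (assumed shape:
    {"sent": "<amount>", "success": 1}) and derive the domain from it."""
    data = json.loads(body)
    if data.get("success") != 1 or "sent" not in data:
        raise ValueError("unexpected API response: %r" % body)
    return c2_domain_from_sent(str(data["sent"]))


def precompute_domains(sent_history):
    """Defender side: every domain Doki would have used, given the sequence of
    'sent' values the wallet has exposed over time (public blockchain data)."""
    return {c2_domain_from_sent(v) for v in sent_history}


def match_dns_log(lines, known_domains):
    """Scan DNS query log lines of the form '<timestamp> <client> <qname>' and
    report queries for known Doki domains, plus Doki-shaped domains that are
    not (yet) in the precomputed set (a new transaction may have occurred)."""
    hits = []
    for line in lines:
        ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()
        if qname in known_domains:
            hits.append((ts, client, qname, "known Doki C2 domain"))
        elif DOKI_SHAPE_RE.match(qname):
            hits.append((ts, client, qname, "Doki-shaped domain not in precomputed set"))
    return hits


# Constructed data for the demo: a wallet's successive "sent" values as the API
# would return them, and a small DNS log. Not real observations.
SAMPLE_SENT_HISTORY = ["0.0", "150.0", "275.5"]
SAMPLE_DNS_LOG = [
    f"2020-07-28T10:01:02Z 10.0.0.5 {c2_domain_from_sent('150.0')}",
    "2020-07-28T10:01:03Z 10.0.0.5 registry-1.docker.io",
    "2020-07-28T10:02:10Z 10.0.0.7 0123456789ab.ddns.net",
    "2020-07-28T10:02:11Z 10.0.0.7 www.example.com",
]

if __name__ == "__main__":
    known = precompute_domains(SAMPLE_SENT_HISTORY)
    print("precomputed Doki domains:", sorted(known))
    for hit in match_dns_log(SAMPLE_DNS_LOG, known):
        print("ALERT", *hit)
```

Two points the code makes explicit. First, the derivation is deterministic in the string the API returns, so a defender who records the wallet's "sent" values can reproduce the attacker's domain list without ever contacting the C2. Second, the 12-hex-character shape under ddns.net is a weak but useful secondary signal: it catches a domain produced by a transaction the defender has not yet replayed, at the cost of occasional false positives on other dynamic-DNS users.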


According to the report, the campaign is the work of the actors behind the Ngrok botnet, which typically infects victims with cryptominers.

Evidence shows that once a new misconfigured Docker server comes online, it takes only a few hours for this campaign to infect it.


How does the botnet operate?

The attackers scan for publicly accessible, misconfigured Docker API ports and use them to compromise their victims. They then create their own malware-serving containers on the host, based on widely used images available on Docker Hub.

A big advantage for the attackers is that they don't need to hide a malicious image on Docker Hub. Instead, they use an existing, legitimate image and run their malware and logic on top of it, so the image name alone tells a defender nothing.
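Two checks a Docker host owner can run against this campaign, as an added example that is not part of the article or of Intezer's research: first, audit the daemon configuration for the misconfiguration the attackers scan for (an API listener on TCP without TLS client verification); second, since the attackers build on legitimate public images, inspect what running containers do rather than what image they came from. The `daemon.json` keys used (`hosts`, `tlsverify`) and the `docker inspect` fields (`Name`, `Config.Image`, `HostConfig.Privileged`, `HostConfig.Binds`) are real Docker structures; the configuration snippets and the inspect output below are constructed for the demo.

```python
"""Added example, not from the article or Intezer: audit a Docker host for an
exposed API and for containers built on ordinary images but used to reach the
host filesystem. Sample configs and inspect output are constructed."""
import json


def audit_daemon_config(daemon_json: str):
    """Flag API listeners that an internet scanner could drive.

    /etc/docker/daemon.json: 'hosts' lists listeners; 'tlsverify' requires a
    client certificate signed by 'tlscacert'. A tcp:// listener without
    tlsverify is exactly the misconfiguration this campaign abuses.
    """
    cfg = json.loads(daemon_json)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// are local-only
        if not cfg.get("tlsverify"):
            findings.append(f"{host}: Docker API on TCP without TLS client verification")
        elif host.startswith("tcp://0.0.0.0") or host.startswith("tcp://[::]"):
            findings.append(f"{host}: TLS-verified but bound to all interfaces; restrict at the firewall")
    return findings


def suspicious_containers(inspect_json: str):
    """Scan `docker inspect` output (a JSON list) for containers that, whatever
    their image, mount the host root or run privileged."""
    out = []
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        image = c["Config"]["Image"]
        host_cfg = c.get("HostConfig", {})
        reasons = []
        if host_cfg.get("Privileged"):
            reasons.append("privileged")
        for bind in host_cfg.get("Binds") or []:
            src = bind.split(":")[0]
            if src == "/":
                reasons.append(f"host root bind-mounted ({bind})")
        if reasons:
            out.append((name, image, reasons))
    return out


# Constructed daemon.json variants: the weak one is what the scanners find.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed `docker inspect` output: a normal web container and one built on
# a popular base image but given the host filesystem.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"Image": "nginx:1.19"},
     "HostConfig": {"Privileged": False, "Binds": ["web-data:/usr/share/nginx/html"]}},
    {"Name": "/svc-agent", "Config": {"Image": "alpine:latest"},
     "HostConfig": {"Privileged": True, "Binds": ["/:/host"]}},
])

if __name__ == "__main__":
    for f in audit_daemon_config(WEAK_DAEMON_JSON):
        print("daemon:", f)
    for name, image, reasons in suspicious_containers(SAMPLE_INSPECT):
        print(f"container {name} ({image}): {', '.join(reasons)}")
```

The hardened variant still exposes the API on TCP, which some orchestration needs, but only on a specific interface, only with mutual TLS, and on 2376 rather than the plaintext 2375 convention; pair it with a firewall rule so the port never faces the internet. The container check deliberately ignores the image name: `alpine:latest` is what the attackers use precisely because it is unremarkable, so the signal is the `/:/host` bind and the privileged flag.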
