A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: Using a blockchain wallet for generating command-and-control (C2) domain names.
Doki however is meant to provide a persistent capability for code-execution on an infected host, setting the scene for any number of malware-based attacks, from denial-of-service/sabotage to information exfiltration to ransomware, according to Intezer.