image credit: kyohei ito / Flickr

Doki Backdoor Infiltrates Docker Servers in the Cloud

July 30, 2020


A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: Using a blockchain wallet for generating command-and-control (C2) domain names.

Doki however is meant to provide a persistent capability for code-execution on an infected host, setting the scene for any number of malware-based attacks, from denial-of-service/sabotage to information exfiltration to ransomware, according to Intezer.

Read More on Threat Post