Crypto Miners Using Tox P2P Messenger as Command and Control Server



Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control channel, marking a shift from its earlier role as a contact method for ransomware negotiations.

What is Tox?

Tox is a serverless protocol for online communication that provides end-to-end encryption (E2EE) by using the Networking and Cryptography library (NaCl, pronounced "salt") for encryption and authentication.

"The binary found in the wild is a stripped but dynamic executable, making decompilation easier," researchers Siddharth Sharma and Nischay Hedge said. "The whole binary seems to be written in C, and has only statically linked the c-toxcore library."

It's worth noting that c-toxcore is the reference implementation of the Tox protocol.

Additionally, the binary is able to receive different commands over Tox; depending on the command, the shell script is either updated or executed on an ad-hoc basis. An "exit" command closes the Tox connection.

Tox has historically been used by ransomware actors as a communication channel, but this latest development marks the first time the protocol has been used to run arbitrary scripts on an infected machine.

“While the discussed sample does not do anything explicitly malicious, we feel that it might be a component of a coinminer campaign,” the researchers stated. “Therefore, it becomes important to monitor the network components involved in the attack chains.”
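One way to act on that monitoring advice, as an added example that is not part of the article or of the researchers' report: a Python check that flags Tox DHT-shaped UDP traffic coming from hosts that should never run a P2P messenger (servers, build agents), which is where a Tox-controlled miner would be sitting. The packet layout and the default port 33445 are assumed from the public Tox protocol specification, and the flow records are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Tox DHT wire layout, assumed from the public Tox protocol specification (not
# from the article): UDP, default port 33445, each DHT packet begins with a
# one-byte kind, the sender's 32-byte DHT public key and a 24-byte nonce,
# followed by a NaCl-encrypted body that ends in a 16-byte MAC.
TOX_DEFAULT_PORT = 33445
DHT_HEADER_LEN = 1 + 32 + 24
NACL_MAC_LEN = 16
DHT_KINDS = {0x00: "ping_request", 0x01: "ping_response",
             0x02: "nodes_request", 0x04: "nodes_response"}

@dataclass
class UdpFlow:
    src_host: str      # inventory name of the sending host
    host_role: str     # e.g. "workstation" or "server"
    dst_ip: str
    dst_port: int
    payload: bytes     # first datagram of the flow

def classify_tox_dht(payload: bytes) -> Optional[str]:
    """Name the Tox DHT packet kind if the datagram has the DHT shape, else None."""
    if len(payload) < DHT_HEADER_LEN + NACL_MAC_LEN:
        return None
    return DHT_KINDS.get(payload[0])

def tox_alerts(flows: List[UdpFlow],
               messenger_roles=frozenset({"workstation"})) -> List[str]:
    """Flag Tox-shaped UDP from hosts whose role should never run a messenger."""
    alerts = []
    for f in flows:
        kind = classify_tox_dht(f.payload)
        if kind is None or f.host_role in messenger_roles:
            continue   # not Tox-shaped, or a desktop where a messenger is expected
        port_note = "default DHT port" if f.dst_port == TOX_DEFAULT_PORT else f"port {f.dst_port}"
        alerts.append(f"{f.src_host} ({f.host_role}) -> {f.dst_ip}: Tox {kind} on {port_note}")
    return alerts

def _fake_dht(kind: int, body_len: int = 9) -> bytes:
    # Constructed datagram: kind byte, 32 key bytes, 24 nonce bytes, body + MAC
    return bytes([kind]) + b"\x11" * 32 + b"\x22" * 24 + b"\x00" * (body_len + NACL_MAC_LEN)

# Constructed sample flows standing in for a NetFlow or PCAP export
SAMPLE_FLOWS = [
    UdpFlow("web-01", "server", "203.0.113.10", 33445, _fake_dht(0x02, 40)),
    UdpFlow("desk-17", "workstation", "203.0.113.10", 33445, _fake_dht(0x00)),
    UdpFlow("db-02", "server", "198.51.100.7", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    UdpFlow("ci-runner-3", "server", "203.0.113.44", 4444, _fake_dht(0x01)),
]

if __name__ == "__main__":
    for line in tox_alerts(SAMPLE_FLOWS):
        print(line)
```

The kind-byte-plus-length check is deliberately loose, so treat a hit as a lead to confirm against the host's process list rather than as proof of compromise.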


About the Author:

FirstHackersNews- Identifies Security
