Hackers Start Using Ngrok Reverse Proxy Technique in Cryptocurrency Mining

Lately, there has been an increased proliferation of botnets in the crypto space, most of which resemble each other. However, this trend seems to have changed after researchers from a Chinese cybersecurity company identified a new type of botnet. According to employees of Qihoo 360 Netlab, this botnet uses a reverse proxy service known as ngrok for its payload server. Specifically, the botnet hides both its reporter and downloader servers behind the ngrok reverse proxy service, which periodically generates a large number of randomized subdomain names. Because of this randomization, the botnet master does not control which subdomains are generated, a factor that works in the botnet's favor.

Fundamentally, the ngrok service establishes a subdomain for the hacker, who then transmits the subdomain to target nodes. Afterwards, the infected nodes connect to the server through the subdomain, from where they are used to mine digital currencies. The complexity of this method makes it difficult to pinpoint the exact location of the payload server. When the location of the payload server is unknown, investors are often left stranded because they do not know whom to blame or which authorities to contact. Regarding this, the Netlab researchers discovered that this domain switching activity started in June 2018. Also, the subdomain names are replaced collectively after a maximum of 12 hours.
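The rotation behaviour described above, randomized ngrok subdomains replaced within at most 12 hours, gives defenders something concrete to look for in resolver logs: a single internal host resolving several distinct tunnel hostnames in a short window. The following script is an added example written for this article, not code from the Netlab report or the ngrok project. It assumes a constructed log format of `<ISO timestamp> <client IP> <queried name>`; the list of ngrok apex domains and the alerting threshold are assumptions to adjust to your own environment.

```python
"""Flag internal hosts that resolve many distinct ngrok tunnel subdomains within one window.

Added defensive example; not from the article, Netlab or ngrok. Log format, apex
domain list and threshold are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed ngrok tunnel apex domains; extend with whatever your resolver logs show.
NGROK_APEX = ("ngrok.io", "ngrok.app", "ngrok-free.app")
WINDOW = timedelta(hours=12)   # the article reports subdomains rotating within 12 hours
CHURN_THRESHOLD = 3            # distinct tunnel names per client per window before alerting


def is_ngrok_tunnel(name):
    """True for a subdomain under one of the ngrok apex domains (the apex itself is not a tunnel)."""
    name = name.rstrip(".").lower()
    return any(name.endswith("." + apex) for apex in NGROK_APEX)


def parse_line(line):
    """Parse one constructed log line into (timestamp, client, normalized name)."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, name.rstrip(".").lower()


def find_churning_clients(lines, threshold=CHURN_THRESHOLD, window=WINDOW):
    """Return {client: sorted distinct tunnel names} for clients that resolved at least
    `threshold` distinct ngrok tunnel names inside any `window`-long span."""
    seen = defaultdict(list)  # client -> [(timestamp, tunnel name), ...]
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, client, name = parse_line(line)
        if is_ngrok_tunnel(name):
            seen[client].append((ts, name))

    alerts = {}
    for client, events in seen.items():
        events.sort()  # chronological order
        # Slide a window starting at each event; alert on the first window that exceeds threshold.
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= window}
            if len(names) >= threshold:
                alerts[client] = sorted(names)
                break
    return alerts


# Constructed sample log: 10.0.0.5 resolves three random-looking tunnel names in under
# 12 hours (the rotation pattern); 10.0.0.9 resolves one tunnel name, a normal domain and
# the bare apex, none of which should alert.
SAMPLE_LOG = """
2018-06-01T00:10:00 10.0.0.5 a1b2c3d4.ngrok.io.
2018-06-01T03:45:00 10.0.0.5 9f8e7d6c.ngrok.io.
2018-06-01T11:30:00 10.0.0.5 5e4d3c2b.ngrok.io.
2018-06-01T00:12:00 10.0.0.9 demo-app.ngrok.io.
2018-06-01T00:13:00 10.0.0.9 example.com.
2018-06-02T00:00:00 10.0.0.9 ngrok.io.
"""

if __name__ == "__main__":
    for client, names in find_churning_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {len(names)} distinct ngrok tunnel names within {WINDOW}: {names}")
```

The threshold is deliberately a tunable rather than a fixed rule: developers legitimately use ngrok, so a single tunnel name per host is normal, while a host cycling through several randomized names in hours matches the rotation the researchers describe and deserves a look. Pair the alert with the resolved IP addresses and outbound connection logs to see whether the host actually downloaded a payload or reported in afterwards.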

Another Reverse Proxy Hacking Incident

Although the ngrok botnet is efficient, it is not the first instance where malicious individuals have leveraged reverse proxy techniques to mine virtual currencies. Previously, craftier hackers hijacked an Amazon Web Services account belonging to Tesla, an established tech company. The cybercriminals turned the entire hosting server into a mining rig. Besides, they constructed their own mining pool and hid its IP address using the CloudFlare reverse proxy service. By doing this, the hackers avoided the potential shutdown they would have faced had they opted for a public mining pool.

As the days go by, hackers in the crypto space are advancing their methods by integrating the latest technologies. Soon, these cybercriminals might resort to employing techniques such as onion routing and I2P for reverse proxies. As opposed to ngrok and CloudFlare, which are public services, onion routing and I2P are far more sophisticated and would require considerably more time and resources to take down.
