Crypto Miners Using Tox P2P Messenger as Command and Control Server
Aug 24, 2022
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact (" 72client ") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox is a serverless protocol for online communications that offers end-to-end encryption (E2EE) protections by making use of the Networking and Cryptography library ( NaCl , pronounced "salt") for encryption and authentication. "The binary found in the wild is a stripped but dynamic executable, making decompilation easier," researchers Siddharth Sharma and Nischay Hedge said . "The entire binary appears to be written in C, and has only statically linked the c-toxcore library." It's worth noting that c-toxcore is a reference implementation of...