Doenerium: When Stealing from Thieves Is Also a Crime

            By Igal Lytzki, Incident Response Analyst, Perception Point





            Over the past few weeks our team of ‘white hat’ cyber threat experts uncovered a particularly worrying
            and sophisticated phishing attack that posed a unique, twofold threat to its unsuspecting victims.

            The attack used a malware called Doenerium to harvest victims’ personal data through open-source code
            left lingering on Github – including crypto wallets, as well as browser data such as cookies, passwords,
            history, and bookmarks. But what made this malware unique was a hidden backdoor within the attack
            code. Any information that a hacker gleaned while using Doenerium was secretly and automatically made
            available to the malware’s initial author. The victims’ data, stolen first by a hacker, would immediately be
            scooped up by the creator of Doenerium as well, to grow his own crypto mining operation.

            The model of hacked data-sharing is not new – hackers have long sold stolen data to the highest bidder.
            But with Doenerium, the hackers themselves were made unsuspecting victims: the hackers that utilize
            this malware to steal sensitive data are actually being hacked themselves by the malware author.

            Here are the key components that make this attack and the malware’s capabilities so dangerous, as well
            as best practices for individuals and organizations looking to avoid its consequences.








            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         68
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.