Page 68 - Cyber Defense eMagazine December 2022 Edition
Doenerium: When Stealing from Thieves Is Also a Crime
By Igal Lytzki, Incident Response Analyst, Perception Point
Over the past few weeks our team of ‘white hat’ cyber threat experts uncovered a particularly worrying
and sophisticated phishing attack that posed a unique, twofold threat to its unsuspecting victims.
The attack used a malware called Doenerium to harvest victims’ personal data, including crypto wallets
as well as browser data such as cookies, passwords, history, and bookmarks, through open-source code
left lingering on GitHub. But what made this malware unique was a hidden backdoor within the attack
code. Any information that a hacker gleaned while using Doenerium was secretly and automatically made
available to the malware’s initial author. The victims’ data, stolen first by a hacker, would immediately be
scooped up by the creator of Doenerium as well, to grow his own crypto mining operation.
The model of hacked data-sharing is not new: hackers have long sold stolen data to the highest bidder.
But with Doenerium, the hackers themselves were made unsuspecting victims: those who use this malware
to steal sensitive data are in turn being hacked by the malware’s author.
Here are the key components that make this attack and the malware’s capabilities so dangerous, as well
as best practices for individuals and organizations looking to avoid its consequences.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.