Tuesday, December 14, 2021

Interesting article on the new frontier of botnets identifying C2 servers using "memo" data in blockchain transactions between known wallets

The title tells you the gist of the story, but here's the full article:


Basically, the botnet code is written so that when its current C2 (Command and Control) server is unreachable, the bot searches the public blockchain for transactions between a set of wallets it already knows (hard-coded in the malware). A transaction on that chain can carry an optional "memo" field, and that is where the operators publish the addresses of replacement C2 servers. Because the ledger is public and append-only, taking down one server does not cut the bots off: the operators just broadcast a new transaction with a fresh memo and every bot re-points itself. The flip side for defenders is that the same ledger is readable by anyone, so the wallet addresses and memo-parsing logic recovered from a sample let you watch the operators' updates as they land.
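As an added example (my own code, not the article's and not the botnet's), here is a minimal model of that fallback logic next to the matching defender-side sweep. The ledger snapshot, wallet IDs, memo encoding (base64-wrapped `c2=host:port`) and hostnames are all constructed for the demo; the article does not describe the real botnet's memo format.

```python
"""Added example: blockchain-memo C2 fallback, modelled on the mechanism
described above. Everything here is constructed sample data; the wallet
IDs, memo encoding and hostnames are hypothetical.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Wallets the bot trusts. A real sample would hard-code these;
# the values here are constructed placeholders.
OPERATOR_WALLETS = {"wallet_op_A", "wallet_op_B"}


@dataclass(frozen=True)
class Tx:
    height: int      # block height, used to order updates
    sender: str
    receiver: str
    memo: str        # optional free-text field, "" when absent


def _memo(directive: bytes) -> str:
    """Helper to build the constructed memo encoding (base64 of c2=host:port)."""
    return base64.b64encode(directive).decode("ascii")


# Constructed ledger snapshot. Block 102 is an outsider paying a trusted
# wallet with a crafted memo (must be ignored); 103 and 105 are genuine
# operator-to-operator updates, the newer of which should win.
LEDGER = [
    Tx(100, "alice", "bob", "thanks for lunch"),
    Tx(101, "wallet_op_A", "merchant", "order #4411"),
    Tx(102, "mallory", "wallet_op_A", _memo(b"c2=evil.example:443")),
    Tx(103, "wallet_op_A", "wallet_op_B", _memo(b"c2=backup1.example:8443")),
    Tx(104, "carol", "dave", ""),
    Tx(105, "wallet_op_B", "wallet_op_A", _memo(b"c2=backup2.example:8443")),
]

MEMO_RE = re.compile(r"^c2=([A-Za-z0-9.-]+):(\d{1,5})$")


def decode_memo(memo: str) -> Optional[str]:
    """Return 'host:port' if the memo is a valid directive, else None.
    Non-base64 memos (ordinary payments) and out-of-range ports are rejected."""
    try:
        raw = base64.b64decode(memo, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    m = MEMO_RE.match(raw)
    if not m:
        return None
    port = int(m.group(2))
    if not 1 <= port <= 65535:
        return None
    return f"{m.group(1)}:{port}"


def resolve_fallback_c2(ledger: List[Tx], trusted=OPERATOR_WALLETS) -> Optional[str]:
    """Bot-side logic: the newest directive on a transaction *between* trusted
    wallets wins. Requiring both endpoints to be trusted is what stops an
    outsider from hijacking the botnet by paying a trusted wallet."""
    best = None
    for tx in sorted(ledger, key=lambda t: t.height):
        if tx.sender in trusted and tx.receiver in trusted:
            c2 = decode_memo(tx.memo)
            if c2:
                best = c2
    return best


def find_c2_memos(ledger: List[Tx]) -> List[Tuple[int, str, str, str]]:
    """Defender-side sweep over the same public ledger: every memo that decodes
    to a directive, whichever wallets are involved, so new infrastructure
    shows up the moment the operators publish it."""
    hits = []
    for tx in ledger:
        c2 = decode_memo(tx.memo)
        if c2:
            hits.append((tx.height, tx.sender, tx.receiver, c2))
    return hits


if __name__ == "__main__":
    print("bot would fail over to:", resolve_fallback_c2(LEDGER))
    for hit in find_c2_memos(LEDGER):
        print("directive seen on chain:", hit)
```

The point of the sender-and-receiver check in `resolve_fallback_c2` is the one caveat worth carrying over to real samples: a bot that accepts memos on any transaction touching a known wallet can be re-pointed by anyone willing to pay a transaction fee, which is as much an opportunity for takeover as it is a weakness in the design.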

