28.Lock Globe

Threat actors are using blockchain technology to hide the presence of malware on Linux IoT devices. The Nkabuse malware uses a new method of hiding itself from detection: it stores its code in the Bitcoin blockchain. Every time an infected device communicates with the Bitcoin network, it sends a portion of its code with each transaction. This method allows Nkabuse to stay hidden even if it is discovered by a security researcher or neutralized by a patch.

The implications of this technique are significant: because the code is stored in such an accessible place, it is easy for anyone who wants to access it—including law enforcement or other malicious actors—to find and use it. Malicious actors could use this type of malware to create an army of compromised machines that they could use for any number of malicious purposes, such as DDoS attacks or sending spam emails. 

So, how long until we see someone else copycat this technique, and what can we do about it? I found the article linked below very helpful in answering these questions, and I encourage you to check it out!