This Malware is Hiding C&C Server IPs in the Blockchain


A new strain of the banking malware Redaman is hiding dynamic command and control (C&C) server IP addresses inside the Bitcoin blockchain, researchers at Checkpoint say.

Redaman is banking malware that mostly targets Russian speakers. It was first seen in 2015. Its creators have a track record of using innovative techniques to avoid detection.

The malware typically delivers its payloads via a “rotating assortment of archived Windows executable files disguised as PDF documents, according to analysis by Palo Alto Networks earlier this year.

Once downloaded, as Threatpost notes, it is capable of

  • Keylogging
    To see the full content, share this page by clicking one of the buttons below
Click on a tab to select how you'd like to leave your comment

Leave A Reply

Your email address will not be published.