Researchers at Sophos Labs have discovered what is thought to be the very first case of malicious code using bitcoin’s blockchain to communicate with its command and control (C&C) center.
“Bitcoin ‘transactions’ don’t actually have to be about money – they can include a field called RETURN, also known as OP_RETURN, that is effectively a comment of up to 80 characters,” they say.
That’s exactly what the hackers did in this case (pictured above): the return field carries an encrypted secret message that can only be read with a 256-bit AES decryption key coded into the Glupteba malware program.
The wiz boys at Sophos have decrypted this to reveal a domain address, that being the command and control center hiding in plain sight.
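The following is an added example of the analysis step described above, not code from Sophos or from Glupteba: it pulls the data field out of an OP_RETURN output script and decrypts it with a recovered AES-256 key. The nonce||ciphertext||tag AES-GCM layout, the key and the placeholder domain are assumptions constructed for the demo; the article only says the payload is AES-256 encrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// ExtractOpReturn returns the bytes pushed after OP_RETURN (0x6a) in a scriptPubKey, accepting
// a direct push (opcode 0x01..0x4b is the length) or OP_PUSHDATA1 (0x4c followed by a 1-byte length).
func ExtractOpReturn(script []byte) ([]byte, bool) {
	if len(script) < 2 || script[0] != 0x6a {
		return nil, false
	}
	n, data := int(script[1]), script[2:]
	if n == 0x4c && len(data) > 0 { // OP_PUSHDATA1 form, needed for payloads above 75 bytes
		n, data = int(data[0]), data[1:]
	} else if n < 1 || n > 0x4b {
		return nil, false
	}
	return data, len(data) == n
}

// DecryptPayload unwraps nonce||ciphertext||tag with AES-256-GCM using the key recovered from
// the malware sample. This layout is an ASSUMPTION of the demo, not a detail from the article.
func DecryptPayload(key, blob []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("OP_RETURN payload too short to hold nonce and tag")
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	return string(plain), err // authentication failure (wrong key, tampering) surfaces as err
}

// SampleKey and SampleScript are a CONSTRUCTED fixture: an OP_RETURN output carrying an
// encrypted placeholder domain, built with a fixed key and a zero nonce so the demo is deterministic.
var SampleKey = []byte("0123456789abcdef0123456789abcdef")

func SampleScript() []byte {
	block, _ := aes.NewCipher(SampleKey)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	blob := gcm.Seal(nonce, nonce, []byte("c2.example.invalid"), nil) // nonce||ct||tag, 46 bytes
	return append([]byte{0x6a, byte(len(blob))}, blob...)            // direct push form
}
```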
With all that skill, however, these hackers are wasting their talents: plenty still needs to be built in this space, with plenty of opportunity to make a lot of money without having to look over your shoulder.
So hopefully we’ll see a lot more good uses of these bitcoin secret messages, and not the stupid ones that waste hours of our time reinstalling grandma’s buggy Windows.