Security News > 2022 > August > Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations.

The findings from Uptycs, which analyzed an Executable and Linkable Format artifact that functions as a bot and can run scripts on the compromised host using the Tox protocol.

Tox is a serverless protocol for online communications that offers end-to-end encryption protections by making use of the Networking and Cryptography library for encryption and authentication.

It's worth noting that c-toxcore is a reference implementation of the Tox protocol.

An "Exit" command issued quits the Tox connection.

Tox has been historically used by ransomware actors as a communication mechanism, but the latest development marks the first time the protocol is being used to run arbitrary scripts on an infected machine.

News URL

https://thehackernews.com/2022/08/crypto-miners-using-tox-p2p-messenger.html