.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
In a troubling trend for enterprises and law enforcement, threat actors are ramping up their use of blockchain domains to hide malicious activity and improve their ability to withstand takedown efforts.
Security vendor FireEye says it has observed a recent uptick in interest in cryptocurrency infrastructure in the cyber underground. Over the last year, there has been a big surge in the number of threat actors that have begun incorporating support for blockchain domains in their malware tools.
Many different software families — including some well-known ones, such as Necurs, GandCrab, Emotet, SmokLoader, and Corebot — have been reconfigured to use blockchain domains for command and control infrastructure, according to FireEye.