Malicious Scammer Targets 10,000 Dogecoin Users, Russian Cybersecurity Firm Reports

  • Sophisticated and experienced online scammer uses multiple backdoors to lure Dogecoin holders.
  • Scammer(s) steal cryptocurrency by creating (replicating) fake Dogecoin mining pools and fake giveaway/rewards websites.

A cybercriminal has reportedly been targeting Dogecoin (DOGE) users by using credential-stealing malware, according to a recent post by cybersecurity firm Dr. Web.

The Russia-based internet security company wrote that its investigation of the cryptocurrency scammer’s activities found them using “a wide range of commercial Trojans” - tools that are mainly sold on underground online forums on the dark web.

"Gaining Illegal Income"

Referred to as the Investimer, Mmpower, or Hyipblock, the scammer was found to be “gaining illegal income” by using malicious Trojans such as “Eredel, AZORult, Kpot, Kratos, N0F1L3, ACRUX, Predator The Thief, Arkei, and Pony”, Dr. Web noted.

The team of online security researchers discovered that the bad actor has been using DarkVNC - reportedly “a TeamViewer-based Spy-Agent backdoor” - in addition to HVNC backdoors, to gain access to victims’ personal computers (PCs).

Multiple Backdoor Programs Used

In order to break into users’ machines, the scammer also used the virtual network computing (VNC) protocol - a simple, lightweight protocol that gives a remote user control of a machine’s graphical user interface (GUI), such as the desktop of the Windows operating system (OS).

Additionally, the hacker used backdoors “based on RMS”, and “widely applied the Smoke Loader.” As explained by the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), Smoke Loader is “a small application used to download other malware. It is often distributed via spam campaigns and exploit kits. ... The trojan also evades detection by changing the timestamp of its executable to prevent the malware from being located by searching recently modified files.”

Dr. Web further noted that the cybercriminal used another loader developed by Danij and a Trojan miner with a built-in “clipper” for modifying users’ clipboard content. To carry out the attacks, Investimer “hosts [its] controlling servers” with hosting providers including jino.ru, hostlife.net, and marosnet.ru, the Russian cybersecurity firm determined.

Phishing Websites

Based on Dr. Web’s findings, most of these websites “are Cloudflare protected and [they] hide their [real] IP address[es].” Moreover, the internet security team believes “Investimer is mainly focused on cryptocurrency fraud, primarily with Dogecoin.”

As described by Dr. Web, the scammer(s) have launched numerous “phishing websites that replicate actual online resources.” One example is a replica of a crypto asset exchange that reportedly tells users they need customized client software; the download is actually a “Spy-Agent Trojan”, which many unsuspecting users have now installed.

The experienced cybercriminal has also created a fake Dogecoin mining pool that is “available for rent at competitive prices.” This scam works by claiming that users will have access to a profitable mining pool if they simply download a “client application” from a “password-protected archive.”

However, the password-protected archive is actually used to bypass detection by antivirus programs, and a “stealer Trojan” is then downloaded onto victims’ PCs, according to Dr. Web. Other key findings by the Russian security team were that malware was also being used to steal users’ digital assets, including Ethereum (ETH) and Dogecoin, by directing them to fake websites that promised rewards or giveaways.

$800,000 XRP Stolen In Phishing Scam

These sites had malicious scripts “under the guise of a special app” which allowed the scammers to steal users’ private information and/or obtain access to their crypto assets.

As CryptoGlobe reported in September, $800,000 in XRP had been stolen from users by scammers who had created a fake crypto exchange website by replicating a real exchange site.

Users were then sent fraudulent emails that contained links to the fake XRP trading platform. Those who visited these websites and entered their passwords and other private information ended up losing their funds, as the hacker(s) simply used those credentials to log into the real XRP exchange and steal their digital assets.

Will Litecoin Become Obsolete Due to Bitcoin's Lightning Network?

Litecoin (LTC), a proof-of-work (PoW)-based peer-to-peer (P2P) cryptocurrency which uses the Scrypt mining algorithm, instead of Bitcoin’s (BTC) SHA-256 algorithm, has been criticized for not having a legitimate use case.

Earlier this month, Michael Novogratz, the founder of Galaxy Digital, a full-service digital asset merchant bank, argued that LTC’s recent price surge did not make sense. Novogratz, a former partner at Goldman Sachs, compared the market capitalization of BTC to that of LTC and argued that LTC was overvalued, as he thought its market cap was unjustifiably high. At the time, it stood at about 6% of BTC’s overall market capitalization.

LTC, A “Glorified Testnet” For BTC?

According to Novogratz, the Litecoin network is only “a glorified testnet for BTC” and it does not have a unique value proposition. However, a Redditor with username iDONATELLO posted a detailed explanation on why he believes Litecoin is “useful.” The post claims Litecoin is “the second most secure [cryptocurrency platform] behind Bitcoin.”

The Redditor believes that “high levels of mining decentralization” and Litecoin’s use of the Scrypt algorithm are “the ultimate reason” why the LTC network is able to maintain a very high level of security. iDONATELLO wrote:

[By using] a different algorithm than Bitcoin (SHA256), [the Litecoin network effectively] prevents Bitcoin miners from attacking the Litecoin [blockchain.] Litecoin [also] has the most hash power [when compared to all] other Scrypt coins. This makes it very very difficult to attack Litecoin. [The same argument] cannot be [made] for other Proof of Work coins, [with the exception] of Bitcoin.

$99 Million LTC Transaction Settled In Minutes, For Only $0.40

In addition to providing robust security, LTC transactions can be settled fairly quickly and also in a cost-effective manner. The user noted that “the average transaction fees for a Litecoin transaction is 4 cents and about 2.5 - 5 minutes for a transaction to be considered confirmed.”

Notably, iDONATELLO pointed out that an LTC transaction worth around $99 million was conducted and its associated transaction fee was around $0.40, while its confirmation time was approximately 2.5 minutes.

The Redditor also wrote that Litecoin’s integration of the Lightning Network (LN) protocol could potentially lead to even lower transaction fees and faster transaction settlement times. He added that “much of the criticism of Litecoin is [centered around] it becoming useless since Bitcoin will use LN to increase speed and lower fees.”

However, this argument may not be valid because it doesn’t take into consideration that Litecoin may also “benefit from LN.” According to iDONATELLO:

Naturally, Litecoin is the cheapest and fastest on ramp to Lightning Network. What's really cool about the LN though is the compatibility with the two coins. With atomic swaps, you can swap Bitcoin into Litecoin and make payments much quicker than with Bitcoin alone.

“Bitcoin Is Your Savings Account, Litecoin Is Your Spending Account”

He continued:

The way I see it, Bitcoin is your savings account and Litecoin is a spending account. This is not to say Litecoin is not a good store of value, but Bitcoin is more scarce and more secure, making it a stronger store of value to Litecoin, which is more suited for making payments.

The user further noted that both Bitcoin and Litecoin benefit from the Lindy Effect. He explained:

The Lindy Effect is a theory that the future life expectancy of some non-perishable things like a technology or an idea is proportional to their current age, so that every additional period of survival implies a longer remaining life expectancy.

Lindy Effect And Network Effect

Per the Redditor:

[The Lindy Effect] applies to both Litecoin and Bitcoin. They are the two oldest coins, genesis blocks created in 2011 and 2009 respectively. Both have survived the test of time, creating more confidence that [their networks] will continue to survive into the future.

Going on to mention what network effect means, the Reddit user quoted Wikipedia as follows: 

A network effect (also called network externality or demand-side economies of scale) is the effect described in economics and business that an additional user of a good or service has on the value of that product to others. When a network effect is present, the value of a product or service increases according to the number of others using it.

“What this means,” iDONATELLO wrote, is “as the user base/community [of a decentralized cryptocurrency platform] continues to grow, it becomes easier for it [to] grow further. Litecoin has grown a massive community over its 7 and half year existence, [remaining] a top crypto since the beginning, making its future growth easier” and sustainable.