The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. Most notably, its operators have adopted a proprietary peer-to-peer (P2P) mechanism that has turned the DDG into a highly sophisticated, “seemingly unstoppable” threat, according to researchers.
DDG was first flagged in January of 2018 by Netlab 360, which went on to sinkhole the malicious operations. The firm was able to do so because DDG used static IP and DNS links for its command-and-control (C2) communications, which were easily subverted. At that point, DDG had only infected 4,391 public-facing servers to mine the Monero cryptocurrency, according to the firm, and didn’t seem like a particularly notable threat.