A new cryptominer malware that infected almost all the computers on a company’s network within a year uses DuckDNS for command and control communications with its masters. […]

from https://www.bleepingcomputer.com/news/security/new-norman-cryptominer-uses-dynamic-dns-for-c2-communication/