- The researchers found evidence of Joke Screenmate malware hidden on DNS servers
- Joke Screenmate is a harmless prank malware
- There are ways to defend against the technique
Hackers have found a way to hide malware in the Domain Name System (DNS), skillfully evading detection and flying under the radar. That is according to DomainTools security researchers who, in a recent blog post, detailed how they discovered Joke Screenmate malware hidden on DNS servers.
DNS is essentially the Internet's address book, turning human-readable domain names (such as techradar.com) into the IP addresses that computers use to locate services. DNS records come in various types, including TXT records, which are generally used to store descriptive text.
However, as DomainTools explained, cybercriminals found a way to split malware into small encoded fragments and place them in DNS TXT records under different subdomains. It is essentially a digital puzzle scattered across multiple locations. By itself, each piece is harmless, but once reassembled, the pieces form a malicious file.
Screen outbreak
Using scripting tools, threat actors query the DNS records and rebuild the malware without triggering the usual security alarms, and since DNS traffic is generally trusted, it does not raise any suspicion.
In their article, DomainTools researchers described finding Joke Screenmate, a program that triggers fake system errors and causes erratic cursor behaviour. But perhaps more alarmingly, they also found a PowerShell stager, a script that can download and execute more destructive malware.
While the attack technique is insidious, there are ways to defend against it. Security teams should implement DNS traffic monitoring, looking for unusual patterns and repeated TXT queries. They can also use tools that inspect DNS records beyond simple resolution, and should maintain threat intelligence feeds that include malicious domains and subdomains.
So far there have been very few examples of this abuse in the wild, but since the technique seems quite simple to pull off, it would not be too surprising to see it become more popular in the coming months.
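The monitoring advice above can be turned into a concrete check. The following is an added example written for this article, not code from DomainTools: it scans constructed DNS query log lines and flags any client that requests TXT records for many distinct subdomains of one parent domain within a short window, which is the fan-out pattern a chunk-reassembling stager produces. The log format, the sample lines and the "last two labels" parent-domain heuristic are assumptions for illustration (a real deployment would use a public suffix list).

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the DomainTools report):
# "<epoch> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 A www.example.com
1700000001 10.0.0.5 TXT 1.chunks.example-evil.test
1700000001 10.0.0.5 TXT 2.chunks.example-evil.test
1700000002 10.0.0.5 TXT 3.chunks.example-evil.test
1700000002 10.0.0.5 TXT 4.chunks.example-evil.test
1700000003 10.0.0.5 TXT 5.chunks.example-evil.test
1700000003 10.0.0.5 TXT 6.chunks.example-evil.test
1700000010 10.0.0.7 TXT _dmarc.example.com
1700000011 10.0.0.7 TXT example.com
1700000012 10.0.0.7 A mail.example.com
"""

LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parent_domain(qname: str) -> str:
    """Approximate the registrable domain as the last two labels (assumed heuristic)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_txt_fanout(log_text: str, min_subdomains: int = 5, window_s: int = 60):
    """Return (client, parent domain) pairs that queried TXT records for at
    least `min_subdomains` distinct names under one parent within `window_s`
    seconds. Ordinary TXT lookups (SPF, DMARC) touch one or two names, so a
    burst across many sibling subdomains stands out."""
    queries = defaultdict(list)  # (client, parent) -> [(ts, qname), ...]
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, qtype, qname = m.groups()
        if qtype.upper() != "TXT":
            continue
        queries[(client, parent_domain(qname))].append((int(ts), qname.lower()))

    findings = []
    for (client, parent), events in queries.items():
        events.sort()
        names = sorted({q for _, q in events})
        span = events[-1][0] - events[0][0]
        if len(names) >= min_subdomains and span <= window_s:
            findings.append({"client": client, "domain": parent,
                             "distinct_txt_names": len(names), "span_s": span})
    return findings
```

Tune `min_subdomains` and `window_s` against a baseline of your own resolver logs; a finding is a lead to inspect the returned TXT contents, not proof of compromise.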
Via Tom's Hardware