- DetourDog malware compromised more than 30,000 websites using DNS redirection
- Victims were silently redirected to sites hosting Strela Stealer, a modular infostealer
- The attack went undetected for months thanks to DNS-level manipulation and infrastructure abuse
Security researchers have observed a massive malware campaign that silently compromised more than 30,000 websites, along with countless visitors.
Infoblox researchers detailed a campaign called DetourDog, which targeted unprotected servers with a piece of malware of the same name that forced the servers to redirect their visitors.
Since the DNS requests are made by the website itself rather than by the visitors, they are invisible to victims. This also helped the campaign remain undetected for several months.
Strela Stealer
Infoblox's analysis also revealed that the attackers used a combination of compromised registrars, DNS providers and poorly configured domains to propagate DetourDog.
Victims are redirected from legitimate (but compromised) websites to ones hosting an infostealer called Strela Stealer. From there, the malware was delivered using standard delivery techniques, such as drive-by downloads or exploiting browser vulnerabilities, depending on the victim's environment.
Strela Stealer was first seen at the end of 2022. At that time, it was built only to exfiltrate Microsoft Outlook and Thunderbird email credentials.
However, it evolved over the years and is now described as a modular infostealer that can extract credentials from multiple sources, including browsers. Once deployed, it communicates with command-and-control servers to exfiltrate stolen data and receive updates, making it a persistent threat.
Its attribution has not yet been established, but the word ‘Strela’ means ‘arrow’ in Russian and most other Slavic languages (with some variation).
Infoblox notified all affected domain owners as well as the relevant authorities, the report also said.
The victims are apparently working to clean up their infrastructure, but the full scope of the damage is still unclear. Security experts recommend that organizations audit their DNS settings, monitor for unusual traffic patterns and deploy DNS security solutions to detect and block similar threats.
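As an added illustration of the auditing advice above (this is example code written for this article, not code from the researchers' report), the script below flags web servers that issue their own DNS lookups to zones outside an allowlist, which is the server-side behaviour described earlier. The resolver log format, hostnames and domains are constructed assumptions.

```python
"""Flag web servers that issue their own DNS lookups to unexpected zones.

A site compromised in the way described above resolves names itself
(server-side) to decide where to send visitors, so those lookups appear in
the resolver's query log with the web server, not the visitor, as client.
"""
from collections import Counter
import re

# Constructed resolver log in an assumed BIND-like shape:
# "CLIENT_IP#PORT: query: NAME IN TYPE". Hosts and domains are placeholders.
SAMPLE_LOG = """\
10.0.0.5#51234: query: www.shop-example.test IN A
10.0.0.5#51235: query: cdn.shop-example.test IN A
10.0.0.5#51236: query: a1b2.lookup-placeholder.test IN TXT
10.0.0.5#51237: query: c3d4.lookup-placeholder.test IN TXT
10.0.0.5#51238: query: e5f6.lookup-placeholder.test IN TXT
10.0.0.9#40001: query: updates.example-vendor.test IN A
"""

WEB_SERVERS = {"10.0.0.5"}              # hosts that should rarely resolve names themselves
EXPECTED_ZONES = {"shop-example.test"}  # zones the site legitimately talks to (assumed)

LINE_RE = re.compile(
    r"^(?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)$")


def parse(log_text):
    """Yield (client_ip, qname, qtype) for every well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def registered_zone(qname, depth=2):
    """Collapse a name to its last `depth` labels (a crude zone approximation)."""
    return ".".join(qname.split(".")[-depth:])


def suspicious_lookups(log_text, web_servers=WEB_SERVERS,
                       expected=EXPECTED_ZONES, min_count=2):
    """Return {(server_ip, zone): count} for server-side lookups of zones
    outside the allowlist that were seen at least `min_count` times."""
    counts = Counter()
    for ip, qname, _qtype in parse(log_text):
        if ip not in web_servers:
            continue                     # only web servers are in scope here
        zone = registered_zone(qname)
        if zone not in expected:
            counts[(ip, zone)] += 1
    return {key: n for key, n in counts.items() if n >= min_count}
```

Run against a real resolver log, tune `EXPECTED_ZONES` to what the site legitimately needs (package mirrors, payment APIs) and treat repeated lookups of anything else by a web server as a signal worth a closer look at the site's code.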