Detour Dog Uses DNS to Deliver Strela Stealer Malware
The cybercrime group Detour Dog has been quietly infecting over 30,000 websites since 2020 using a sophisticated, server-side attack. The group leverages DNS TXT records as a covert channel to send commands to compromised sites, making the malicious activity invisible to most visitors. This technique allows them to selectively redirect users to scams or, more recently, deliver the powerful Strela Stealer infostealer malware. Because the attack is controlled from the server rather than from code injected into pages, the compromised websites can remain infected for long periods without detection. The campaign's vast infrastructure generates millions of DNS queries, with traffic originating from numerous global locations.
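As an added defender-side example (not code from the article or from the researchers who tracked the campaign), the following Python flags hosts whose outbound DNS traffic consists mainly of repeated TXT lookups of a single name, the footprint a server-side implant polling TXT records for commands leaves in resolver query logs. The log lines, IP addresses and domain names are constructed for the example, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed BIND-style query log lines (not from the article): one web
# server (10.0.0.12) repeatedly polls a TXT record, the other host is normal.
SAMPLE_LOG = """\
client 10.0.0.12#51532: query: cmd.example-c2.test IN TXT + (10.0.0.53)
client 10.0.0.12#51533: query: cmd.example-c2.test IN TXT + (10.0.0.53)
client 10.0.0.12#51534: query: cmd.example-c2.test IN TXT + (10.0.0.53)
client 10.0.0.12#51535: query: cmd.example-c2.test IN TXT + (10.0.0.53)
client 10.0.0.12#51536: query: cdn.example.test IN A + (10.0.0.53)
client 10.0.0.40#40001: query: mail.example.test IN MX + (10.0.0.53)
client 10.0.0.40#40002: query: _dmarc.example.test IN TXT + (10.0.0.53)
client 10.0.0.40#40003: query: www.example.test IN A + (10.0.0.53)
"""

LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")

# Labels that mark legitimate, high-volume TXT uses (mail policy, ACME).
BENIGN_TXT_LABELS = {"_dmarc", "_domainkey", "_acme-challenge"}


def parse_queries(log_text):
    """Yield (src_ip, qname, qtype) tuples from BIND-style query log lines."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["name"].lower().rstrip("."), m["qtype"]


def txt_beacon_candidates(log_text, min_txt=3, min_ratio=0.5):
    """Return {src_ip: stats} for sources whose queries are dominated by
    repeated TXT lookups, after discarding well-known benign TXT names."""
    total = defaultdict(int)
    txt_names = defaultdict(lambda: defaultdict(int))
    for src, name, qtype in parse_queries(log_text):
        total[src] += 1
        if qtype == "TXT" and not BENIGN_TXT_LABELS & set(name.split(".")):
            txt_names[src][name] += 1
    flagged = {}
    for src, names in txt_names.items():
        txt_count = sum(names.values())
        if txt_count >= min_txt and txt_count / total[src] >= min_ratio:
            top_name, top_count = max(names.items(), key=lambda kv: kv[1])
            flagged[src] = {"txt_queries": txt_count, "total_queries": total[src],
                            "top_name": top_name, "top_name_count": top_count}
    return flagged


if __name__ == "__main__":
    for src, stats in txt_beacon_candidates(SAMPLE_LOG).items():
        print(src, stats)
```

On a real resolver, this check is most useful when scoped to web-server source addresses, since ordinary workstations rarely issue TXT queries at all.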
Latest mentioned: 10-01
Earliest mentioned: 10-01