Over 30K sites compromised with Strela Stealer in Detour Dog campaign

Attacks involving server-side DNS exploitation have enabled cybercrime operation Detour Dog to inject the Strela Stealer malware into more than 30,000 websites worldwide, most of which are in the U.S., according to HackRead.

Detour Dog used DNS TXT records to deliver commands covertly to the breached websites, instructing them either to redirect visitors to scams or to retrieve and execute malicious code, according to a report from Infoblox Threat Intel researchers.

Utilizing TXT records has also permitted truly stealthy and targeted intrusions, with infections left undetected for more than a year. Further analysis revealed that Detour Dog began shifting to delivering Hive0145's Strela Stealer malware between June and July, with the payload spread through the StarFish backdoor.

The immense traffic generated by the infected websites was suspected to have been automated. Infoblox researchers said such a threat should prompt the adoption of more robust DNS- and network-level security defenses.
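One DNS-level check the article's recommendation points at is to watch for web servers that repeatedly look up TXT records from names they have no business querying. The following is an added example, not code from Infoblox or from the report: the log lines, host inventory, allowlist and threshold are all constructed for illustration.

```python
"""Flag web servers issuing unexpected DNS TXT lookups (added example)."""
import re
from collections import defaultdict

# Constructed inventory: hosts that serve web content
WEB_SERVERS = {"10.0.1.10", "10.0.1.11"}
# Assumed allowlist of names a web server may legitimately query for TXT
TXT_ALLOWLIST = {"_acme-challenge.example.com"}
# Assumed threshold: flag after this many TXT lookups to non-allowlisted names
TXT_THRESHOLD = 3

# Matches a simplified BIND-style query-log line (format constructed here)
LOG_RE = re.compile(
    r"client (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+.*?query: "
    r"(?P<name>\S+) IN (?P<qtype>[A-Z0-9]+)"
)

# Constructed sample: a mail host doing an SPF lookup is normal; a web
# server repeatedly pulling TXT records from one odd domain is not.
SAMPLE_LOG = """\
client 10.0.1.10#5050: query: _acme-challenge.example.com IN TXT + (10.0.0.2)
client 10.0.2.5#4102: query: example.net IN TXT + (10.0.0.2)
client 10.0.1.11#3311: query: a1.cmd-placeholder.example IN TXT + (10.0.0.2)
client 10.0.1.11#3312: query: a2.cmd-placeholder.example IN TXT + (10.0.0.2)
client 10.0.1.11#3313: query: www.example.org IN A + (10.0.0.2)
client 10.0.1.11#3314: query: a3.cmd-placeholder.example IN TXT + (10.0.0.2)
"""


def parse_queries(log_text):
    """Yield (client_ip, query_name, query_type) for each line that parses."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").rstrip(".").lower(), m.group("qtype")


def suspicious_txt_clients(log_text, web_servers=WEB_SERVERS,
                           allowlist=TXT_ALLOWLIST, threshold=TXT_THRESHOLD):
    """Return {web_server_ip: [names]} for web servers at or above the threshold."""
    hits = defaultdict(list)
    for ip, name, qtype in parse_queries(log_text):
        if qtype == "TXT" and ip in web_servers and name not in allowlist:
            hits[ip].append(name)
    return {ip: names for ip, names in hits.items() if len(names) >= threshold}


if __name__ == "__main__":
    for ip, names in suspicious_txt_clients(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} unexpected TXT lookups, e.g. {names[0]}")
```

Tuning the allowlist to each host's role matters: mail servers legitimately query TXT for SPF and DKIM, so the check is scoped to hosts that should never need TXT answers.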
