Hackers exploit a blind spot by hiding malware inside DNS records
10 months ago
- #DNS
- #cybersecurity
- #malware
- Hackers are hiding malware inside DNS records to evade detection.
- Malicious scripts fetch binary files via DNS lookups, bypassing traditional security checks.
- DNS traffic is often unmonitored, making it a blind spot for defenses.
- Researchers found Joke Screenmate malware stored in hexadecimal format within DNS TXT records.
- The malware was split into chunks across subdomains of whitetreecollective[.]com.
- Attackers reassemble the chunks via DNS requests, converting them back to binary.
- Adoption of encrypted DNS (DoH/DoT) may make such threats harder to monitor.
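
A detection sketch for the pattern summarized above, added here as an example and not taken from the researchers' tooling: it scans TXT answers from resolver or passive-DNS logs for long hex-only strings spread across several subdomains of one parent. The sample records, the thresholds, and the numbered-label check are assumptions; the file signatures are standard magic bytes.

```python
import re
from collections import defaultdict

# Constructed passive-DNS TXT answers (query name, TXT data); not real indicators.
SAMPLE_TXT = [
    ("0.cdn.lab.example", "4d5a9000" + "00" * 60),
    ("1.cdn.lab.example", "ab" * 64),
    ("2.cdn.lab.example", "cd" * 64),
    ("mail.corp.example", "v=spf1 include:_spf.corp.example -all"),
    ("_dmarc.corp.example", "v=DMARC1; p=reject"),
    ("sel1._domainkey.corp.example", "v=DKIM1; k=rsa; p=" + "QUJD" * 40),
]

HEX_ONLY = re.compile(r"[0-9a-fA-F]+")
MIN_HEX_LEN = 64  # assumed threshold: shorter hex strings are ignored
MIN_CHUNKS = 3    # assumed: hex-blob subdomains required under one parent
MAGIC = {"4d5a": "PE executable (MZ)", "7f454c46": "ELF", "504b0304": "ZIP"}

def is_hex_blob(txt):
    """True for long, even-length TXT data made only of hex digits."""
    return (len(txt) >= MIN_HEX_LEN and len(txt) % 2 == 0
            and HEX_ONLY.fullmatch(txt) is not None)

def find_chunked_hex(records):
    """Group hex-blob TXT answers by parent domain and report likely chunk sets."""
    by_parent = defaultdict(dict)
    for name, txt in records:
        label, _, parent = name.rstrip(".").partition(".")
        if parent and is_hex_blob(txt):
            by_parent[parent][label] = txt
    findings = []
    for parent, chunks in by_parent.items():
        if len(chunks) < MIN_CHUNKS:
            continue
        # Assumption: chunk order is encoded as a numeric leftmost label.
        numbered = all(label.isdecimal() for label in chunks)
        order = sorted(chunks, key=int) if numbered else sorted(chunks)
        idx = [int(label) for label in order] if numbered else []
        sequential = numbered and idx == list(range(idx[0], idx[0] + len(idx)))
        head = chunks[order[0]].lower()
        magic = next((d for sig, d in MAGIC.items() if head.startswith(sig)), None)
        findings.append({
            "parent": parent, "chunks": len(chunks), "sequential": sequential,
            "magic": magic, "decoded_bytes": sum(map(len, chunks.values())) // 2,
        })
    return findings

if __name__ == "__main__":
    for finding in find_chunked_hex(SAMPLE_TXT):
        print(finding)
```

Legitimate TXT data such as SPF, DKIM and DMARC contains `=`, `;` or spaces, so the hex-only test skips it; tune the thresholds against your own baseline before alerting.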