- The Detour Dog malware campaign compromised over 30,000 sites, using DNS as a redirector
- Victims were silently redirected to sites hosting Strela Stealer, a modular infostealer
- The attack went undetected for several months thanks to DNS-level manipulation and abuse of infrastructure
Security researchers have uncovered a huge malware campaign that quietly compromised more than 30,000 sites, along with countless visitors.
Researchers from Infoblox detailed a campaign they call Detour Dog, which targeted unprotected servers with malware of the same name, forcing the servers to redirect visitors.
Since the DNS requests are made by the site itself rather than by the visitors, they are invisible to the victims. This also helped the campaign stay undetected for as long as it did: several months.
Strela Stealer
Infoblox’s analysis also revealed that the attackers used a combination of compromised registrars, DNS providers and misconfigured domains to spread Detour Dog.
Victims are redirected from legitimate (but compromised) sites to ones hosting an infostealer called Strela Stealer. From there, the malware is delivered using standard drive-by techniques, such as prompting downloads or exploiting browser vulnerabilities, depending on the victim’s environment.
Strela Stealer itself was first spotted in late 2022. At the time, it was built solely to exfiltrate email credentials from Microsoft Outlook and Thunderbird.
It has evolved over the years, however, and is now described as a modular infostealer that can extract credentials from multiple sources, including browsers. Once deployed, it communicates with command-and-control servers to exfiltrate stolen data and receive updates, making it a persistent threat.
Attribution has not yet been established, but the word ‘Strela’ means ‘arrow’ in Russian and most other Slavic languages (with some variation).
Infoblox has notified all affected domain owners as well as the relevant authorities, the report adds.
Victims are apparently working to clean up their infrastructure, but the full extent of the damage is still unclear. Security experts recommend that organizations review their DNS configurations, monitor for unusual traffic patterns and deploy DNS security solutions to detect and block similar threats.
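One concrete form of the "monitor unusual traffic patterns" advice, given that the article notes the DNS lookups are made by the compromised site rather than by its visitors: correlate the web host's own DNS query log with its HTTP access log and flag lookups of unexpected domains that fire right after a page request. This is an added illustration, not code from Infoblox or the article; the log formats, the expected-domain list and the placeholder domain names are all constructed assumptions.

```python
"""Flag server-side DNS lookups that fire in lock-step with inbound HTTP
requests. Log layouts and sample lines below are constructed for this
example and are not taken from any real product or from the report."""
import re
from datetime import datetime, timedelta

# Domains this web server is legitimately expected to resolve (assumed).
EXPECTED = {"api.payments.example", "cdn.example"}

# Constructed access-log lines: "<ISO timestamp> <client ip> <path>"
ACCESS_LOG = """\
2025-03-01T10:00:00.100 203.0.113.5 /index.php
2025-03-01T10:00:02.400 198.51.100.9 /checkout
2025-03-01T10:00:05.000 203.0.113.7 /blog/post-1
"""

# Constructed DNS query-log lines from the web host's resolver:
# "<ISO timestamp> query <qname> <qtype>"; the .test names are placeholders.
DNS_LOG = """\
2025-03-01T10:00:00.130 query lookup-ab12.redirector-placeholder.test A
2025-03-01T10:00:02.410 query api.payments.example A
2025-03-01T10:00:05.020 query lookup-cd34.redirector-placeholder.test A
2025-03-01T10:00:30.000 query cdn.example A
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")

def parse(log):
    """Yield (timestamp, rest_of_line) for every well-formed log line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2)

def suspicious_lookups(access_log, dns_log, window_ms=200):
    """Return query names that are not on the expected list and were issued
    within window_ms after an inbound HTTP request, i.e. the server resolved
    something on the visitor's behalf while serving the page."""
    hits = [ts for ts, _ in parse(access_log)]
    window = timedelta(milliseconds=window_ms)
    flagged = []
    for ts, rest in parse(dns_log):
        qname = rest.split()[1]
        if qname in EXPECTED:
            continue
        if any(h <= ts <= h + window for h in hits):
            flagged.append(qname)
    return flagged

if __name__ == "__main__":
    for q in suspicious_lookups(ACCESS_LOG, DNS_LOG):
        print("server-side lookup tied to a page load:", q)
```

On a real host the same correlation can be run over the resolver's query log and the web server's access log; the window and expected-domain list need tuning per site.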