Summary

  • Hackers are increasingly using malware that is stored within DNS records because DNS traffic is not monitored as closely as other traffic, such as web or email traffic, and so slips under the radar of many defences.
  • The malware is often stored as hexadecimal code and then divided into hundreds of chunks, with each chunk being stored in a different subdomain.
  • As DNS lookups become encrypted and secure (using DNS over HTTPS, DoH, and DNS over TLS, DoT), it will be even harder to identify this kind of malware being downloaded.
  • Researchers recently discovered malware called Joke Screenmate being stored in this way.
  • The malware interferes with the normal functioning of a computer; however, it is relatively unsophisticated and is essentially a prank application.
  • The discovery does, however, highlight a significant gap in cyber security defences that needs to be closed.
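
To make the monitoring gap concrete, the following added example (not from the original article or the researchers) flags parent domains where many distinct subdomains each return a long, pure-hexadecimal record, which is the chunking pattern described above. The input format of (query name, record data) pairs, the thresholds and the last-two-labels parent-domain guess are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

def parent_domain(name):
    """Naive registered-domain guess: the last two labels (assumption; a
    production version would consult the Public Suffix List)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def is_hex_chunk(data, min_len=64):
    """True when the record data is one long, even-length, pure-hex string."""
    data = data.strip().strip('"')
    return len(data) >= min_len and len(data) % 2 == 0 and bool(HEX_RE.match(data))

def flag_hex_chunk_domains(records, min_chunks=20, min_len=64):
    """records: iterable of (query_name, record_data) pairs from DNS logs.
    Returns {parent: (distinct_subdomains, decoded_bytes)} for parents whose
    distinct hex-carrying subdomains number at least min_chunks."""
    seen = defaultdict(dict)
    for name, data in records:
        if is_hex_chunk(data, min_len):
            size = len(data.strip().strip('"')) // 2
            seen[parent_domain(name)][name.rstrip(".").lower()] = size
    return {p: (len(subs), sum(subs.values()))
            for p, subs in seen.items() if len(subs) >= min_chunks}

def build_sample():
    """Constructed sample: 300 hex-carrying subdomains plus benign records."""
    sample = [(f"{i}.chunks.example.test", "ab" * 64) for i in range(300)]
    sample += [
        ("mail.example.org", "v=spf1 include:_spf.example.org ~all"),
        ("sel1._domainkey.example.org", "deadbeef" * 16),  # single hex record
        ("www.example.net", "93.184.216.34"),
    ]
    return sample

if __name__ == "__main__":
    for parent, (count, size) in flag_hex_chunk_domains(build_sample()).items():
        print(f"{parent}: {count} hex chunks, {size} bytes")
```

When clients use DoH or DoT, a check like this has to run on logs from the resolver itself, because a network tap no longer sees the query names or answers.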

By Dan Goodin

Original Article