Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
2023-07-26 13:13

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on.

Other new features allow the malware to execute arbitrary Java code on the client and connect to emergency controllers using a mechanism that's similar to a traditional DNS domain generation algorithm, with the Decoy Dog domains engineered to respond to replayed DNS queries from breached clients.

Decoy Dog uses the Domain Name System (DNS) for command-and-control.

The first known deployment of Decoy Dog dates back to late March or early April 2022, after which three other clusters were detected, under the control of different controllers.

A total of 21 Decoy Dog domains have been detected to date.

"The lack of insight into underlying victim systems and vulnerabilities being exploited makes Decoy Dog an ongoing and serious threat," Dr. Renée Burton, head of threat intelligence at Infoblox, said.


News URL

https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html