Detour Dog is a threat actor controlling infrastructure used to distribute the Strela Stealer malware through innovative DNS-based communication channels. Their operations include exploiting vulnerable WordPress sites, hosting malicious backdoors, and using botnets for spam delivery, indicating a sophisticated and resilient cybercriminal network. #DetourDog #StrelaStealer
Key points
- Detour Dog controls domains that host the first stage of Strela Stealer delivery.
- The malware uses DNS TXT records for command-and-control communication, making detection difficult.
- They exploit vulnerable WordPress sites to inject malicious code and gain persistence.
- Spam campaigns are delivered via botnets like REM Proxy and Tofsee, hosted by Detour Dog infrastructure.
- The organization appears to operate as a distribution-as-a-service provider, complicating mitigation efforts.
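The key point about DNS TXT records as a command-and-control channel is the part a defender can act on: resolver logs show every query a host makes, and TXT lookups with machine-generated subdomains repeated against one parent domain stand out from the ordinary TXT traffic (SPF, DMARC, DKIM) a network produces. The script below is an added example, not code from the article or from any of the parties it describes. The log line format, the domains, the client addresses and the thresholds are all constructed for illustration; a real deployment would read the resolver's own log format and tune the thresholds against baseline traffic.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not from the article). Each line is:
#   <timestamp> <client IP> <query name> <record type>
# The 10.0.0.7 lines mimic a host making repeated TXT lookups with
# random-looking leading labels under a single parent domain.
SAMPLE_LOG = """\
2025-10-03T10:00:01Z 10.0.0.5 www.example-news.test A
2025-10-03T10:00:02Z 10.0.0.5 _dmarc.example-news.test TXT
2025-10-03T10:00:05Z 10.0.0.7 a9f3k2x7q1m8z4p0.c2-example.test TXT
2025-10-03T10:00:06Z 10.0.0.7 b7h2n5v1w9e3r6t0.c2-example.test TXT
2025-10-03T10:00:07Z 10.0.0.7 c4j8l1s6d2f5g9h3.c2-example.test TXT
2025-10-03T10:00:08Z 10.0.0.7 d1k5m9p3q7r2s6t8.c2-example.test TXT
2025-10-03T10:00:09Z 10.0.0.9 mail.example-news.test MX
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def shannon_entropy(s):
    """Bits of entropy per character; 16 distinct characters give 4.0."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the constructed log format into dicts; skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            records.append({"ts": ts, "client": client,
                            "qname": qname.lower(), "qtype": qtype})
    return records


def flag_txt_beacons(records, min_queries=3, min_label_entropy=3.0, min_label_len=12):
    """Group TXT queries by (client, parent domain) and flag groups whose
    leading labels are long and high-entropy, i.e. look encoded rather than
    human-chosen. Thresholds are illustrative assumptions, not tuned values."""
    groups = defaultdict(list)
    for r in records:
        if r["qtype"] != "TXT":
            continue
        labels = r["qname"].rstrip(".").split(".")
        if len(labels) < 3:          # need at least <label>.<domain>.<tld>
            continue
        parent = ".".join(labels[-2:])
        groups[(r["client"], parent)].append(labels[0])

    flagged = []
    for (client, parent), leads in groups.items():
        suspicious = [l for l in leads
                      if len(l) >= min_label_len and shannon_entropy(l) >= min_label_entropy]
        if len(suspicious) >= min_queries:
            flagged.append({"client": client, "parent_domain": parent,
                            "txt_queries": len(leads),
                            "high_entropy_labels": len(suspicious)})
    return flagged


if __name__ == "__main__":
    for hit in flag_txt_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['parent_domain']}: "
              f"{hit['high_entropy_labels']}/{hit['txt_queries']} TXT queries with encoded-looking labels")
```

On the constructed input the legitimate `_dmarc` lookup from 10.0.0.5 is ignored (short, low-entropy label), while the four lookups from 10.0.0.7 under one parent domain are reported as a single finding. Grouping by parent domain rather than by full query name is the important design choice: an encoded channel changes the leading label on every request, so per-name counting would never cross a threshold.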
Read More: https://thehackernews.com/2025/10/detour-dog-caught-running-dns-powered.html