Hackers Hide Malware in DNS Records

2025-07-22

Hackers are hiding malware in Domain Name System (DNS) records, a location that most security defenses leave largely uninspected. Because DNS traffic is rarely scrutinized, a small malicious script already running on a victim machine can fetch a binary through ordinary DNS lookups without triggering antivirus software. Researchers at DomainTools found the technique being used to host a binary for the Joke Screenmate nuisance malware. The binary had been converted to hexadecimal, split into chunks, and stored in the TXT records of a series of subdomains. An attacker retrieves the chunks with seemingly innocuous DNS queries, concatenates the responses in order, and converts the hex back into the original executable. Detection will only get harder as encrypted DNS lookups over DoH (DNS over HTTPS) and DoT (DNS over TLS) gain wider adoption, since network defenders then lose visibility into the query and response contents.
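As an added illustration (not DomainTools' research code and not the actual malware), the following Python models the staging and retrieval steps offline and adds a simple resolver-log heuristic a defender could use to spot the pattern. The parent domain example.test, the numbered-subdomain layout, the 254-hex-digit chunk size and the sample payload are all constructed assumptions for the example; nothing here talks to real DNS.

```python
"""Offline model of hex-chunked payload staging in DNS TXT records,
plus a resolver-log heuristic for spotting it. Added example; the
'zone' is a plain dict standing in for attacker-controlled subdomains."""
import re
from typing import Dict, Iterable, Set, Tuple

# A single TXT <character-string> is limited to 255 bytes, so 254 hex digits
# keep each chunk inside one string (a practical convention assumed here).
CHUNK_HEX_CHARS = 254

# Constructed stand-in for a staged binary: a fake "MZ" header pattern, NOT real malware.
SAMPLE_PAYLOAD = b"MZ\x90\x00" * 100

# Assumed (hypothetical) attacker-controlled parent domain.
STAGING_DOMAIN = "example.test"


def encode_to_txt_records(payload: bytes, parent: str,
                          chunk_size: int = CHUNK_HEX_CHARS) -> Dict[str, str]:
    """Hex-encode payload and spread it over numbered subdomains' TXT records."""
    hexed = payload.hex()
    return {
        f"{i // chunk_size}.{parent}": hexed[i:i + chunk_size]
        for i in range(0, len(hexed), chunk_size)
    }


def reassemble_from_txt(zone: Dict[str, str], parent: str) -> bytes:
    """Collect every numbered chunk under `parent`, order by label, decode hex."""
    suffix = "." + parent
    ordered = sorted(
        (int(name[: -len(suffix)]), txt)
        for name, txt in zone.items()
        if name.endswith(suffix) and name[: -len(suffix)].isdigit()
    )
    return bytes.fromhex("".join(txt for _, txt in ordered))


HEX_ONLY = re.compile(r"[0-9a-fA-F]+")


def suspicious_txt_parents(observed: Iterable[Tuple[str, str]],
                           min_records: int = 3,
                           min_hex_len: int = 32) -> Set[str]:
    """Heuristic over (qname, txt) pairs from resolver logs: report parent
    domains with at least `min_records` TXT answers that are nothing but
    long hex strings. Apex records (SPF, DMARC) and short hex are ignored."""
    counts: Dict[str, int] = {}
    for qname, txt in observed:
        if len(txt) < min_hex_len or not HEX_ONLY.fullmatch(txt):
            continue
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:          # skip apex TXT such as SPF/DMARC
            continue
        parent = ".".join(labels[1:])
        counts[parent] = counts.get(parent, 0) + 1
    return {p for p, c in counts.items() if c >= min_records}


# Constructed benign TXT answers mixed in to show what the heuristic ignores.
BENIGN_TXT = [
    ("example.org", "v=spf1 -all"),
    ("_dmarc.example.org", "v=DMARC1; p=reject"),
    ("7.cdn.example.net", "deadbeef"),   # hex, but far below min_hex_len
]


def demo() -> Tuple[int, bool, Set[str]]:
    """Stage the sample, recover it, and run the heuristic over the mixed log."""
    zone = encode_to_txt_records(SAMPLE_PAYLOAD, STAGING_DOMAIN)
    recovered = reassemble_from_txt(zone, STAGING_DOMAIN)
    flagged = suspicious_txt_parents(list(zone.items()) + BENIGN_TXT)
    return len(zone), recovered == SAMPLE_PAYLOAD, flagged


if __name__ == "__main__":
    n, intact, flagged = demo()
    print(f"{n} TXT records, payload intact: {intact}, flagged parents: {sorted(flagged)}")
```

The 400-byte sample becomes 800 hex digits and therefore four TXT records; the heuristic flags only example.test and passes over the SPF, DMARC and short-hex entries. The check depends on seeing TXT answer contents in resolver or packet logs, which is exactly the visibility lost when clients resolve over DoH or DoT to an external provider, so it belongs on an enterprise resolver that endpoints are forced to use.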

Tech