Detour Dog: DNS Malware Powers Strela Stealer Campaigns
ID: 087625e8-ea12-53fd-97b0-634b644047f4
STIX ID: report--087625e8-ea12-53fd-97b0-634b644047f4
Feed Name: Infoblox Threat Intel Blog
Detour Dog operates a large, resilient DNS-based website malware system. It issues Base64-encoded DNS TXT responses (including a "down" command) to compromised sites, which act on them to perform server-side redirects and remote execution that fetches staged payloads. The infrastructure has been used to distribute the StarFish backdoor and Strela Stealer; sinkhole data reveals ~30,000 infected hosts across 584 TLDs and millions of TXT queries, demonstrating a novel, high-volume malware distribution and evasion technique.
