Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer
hackread.com
Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.
New research from Infoblox Threat Intel has revealed that an established, persistent group of cybercriminals, Detour Dog, has been silently infecting websites around the world since 2020.
The group, which first focused on simple scams routed through affiliate systems like Los Pollos, has now upgraded its attacks to deliver powerful information-stealing malware called Strela Stealer to home users, and has so far compromised over 30,000 websites.
The DNS Hijack: Hiding the Attack
Detour Dog’s operations have been tracked by Infoblox since August 2023. Researchers regard the group's new tactic as especially tricky because the malware is controlled from the server side, and the malicious activity happens on the website’s host, completely invisible to the visitor. This is achieved through the Domain Name System (DNS), which ...
Copyright of this story solely belongs to hackread.com.