- Researchers found evidence of Joke Screenmate malware on DNS servers
- Joke Screenmate is harmless prank malware
- There are ways to defend against this
Hackers have found a way to hide malware in the Domain Name System (DNS), cleverly avoiding detection and flying under the radar. This is according to security researchers at DomainTools who, in a recent blog post, detailed how they discovered the Joke Screenmate malware hiding on DNS servers.
DNS is essentially the Internet's address book, translating readable domain names (such as PK Press Club.com) into the IP addresses that computers use to locate services. DNS records come in different types, including TXT records, which are generally used to store descriptive text.
However, as DomainTools explained, cybercriminals have found a way to split malware into small encoded fragments and place them in DNS TXT records under different subdomains. It is essentially a digital puzzle scattered across different addresses. On its own, each piece is harmless, but once reassembled, the pieces form a malicious file.
Joke Screenmate
Using scripting tools, threat actors query the DNS records and rebuild the malware without triggering the usual security alarms, and because DNS traffic is generally trusted, it does not raise any suspicion.
In their write-up, DomainTools researchers described finding Joke Screenmate, a program that triggers fake system errors and causes erratic cursor behavior. But perhaps more alarming, they also found a PowerShell stager, a script that can download and run more destructive malware.
Although the attack technique is sneaky, there are ways to defend against it. Cybersecurity teams should implement DNS traffic monitoring, looking for unusual patterns and repeated TXT queries. They can also use tools that inspect DNS records beyond simple resolution functions, and should maintain threat intelligence feeds that include malicious domains and subdomains.
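The monitoring advice above can be turned into a simple detection rule. The following is an added example, not code from DomainTools or from the original article: it flags any client that requests TXT records for many distinct subdomains of one parent domain within a short window. The log format, thresholds, function names and sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log (format is an assumption):
# "epoch_seconds client_ip query_type query_name"
SAMPLE_LOG = """\
1000 10.0.0.5 TXT 0.chunk.files.example.test
1002 10.0.0.5 TXT 1.chunk.files.example.test
1004 10.0.0.5 TXT 2.chunk.files.example.test
1006 10.0.0.5 TXT 3.chunk.files.example.test
1008 10.0.0.5 TXT 4.chunk.files.example.test
1003 10.0.0.9 A www.example.org
1005 10.0.0.9 TXT _dmarc.example.org
1010 10.0.0.7 TXT a.slow.example.net
1200 10.0.0.7 TXT b.slow.example.net
1400 10.0.0.7 TXT c.slow.example.net
1600 10.0.0.7 TXT d.slow.example.net
1800 10.0.0.7 TXT e.slow.example.net
"""

def parent_domain(qname, labels=2):
    # Naive parent: last `labels` labels. Assumption; use a public-suffix list in production.
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def find_txt_sweeps(log_text, window=60, min_subdomains=5):
    """Return sorted (client, parent) pairs where the client asked for TXT records of
    at least `min_subdomains` distinct names under `parent` within `window` seconds."""
    events = defaultdict(list)  # (client, parent) -> [(timestamp, qname)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, qtype, qname = fields
        if qtype.upper() != "TXT" or not ts.isdigit():
            continue  # only TXT lookups are of interest here
        events[(client, parent_domain(qname))].append((int(ts), qname.lower().rstrip(".")))
    hits = []
    for key, rows in events.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if len({name for _, name in rows[start:end + 1]}) >= min_subdomains:
                hits.append(key)
                break
    return sorted(hits)
```

On the constructed log, only 10.0.0.5 is flagged with the default thresholds; repeated lookups of a single TXT name (such as a DMARC record) and slow, spread-out lookups stay below them, so both values need tuning against real traffic.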
So far, there have been very few examples of this abuse in the wild, but as the technique seems to be quite simple to pull off, it would not be too surprising to see it become more popular in the coming months.
Via Tom's Hardware