Decoy Dog Gets an Upgrade With New Persistence Features
At least three actors are using the new, improved version, prompting researchers to conclude it was likely developed by a nation-state.
July 25, 2023
Discovered just a few months ago, Decoy Dog, a remote access Trojan based on open source Pupy malware, now boasts built-up persistence, leading some researchers to believe there's a nation-state actor behind it.
The threat intelligence team at Infoblox continued to track Decoy Dog and report that at least three different cybercrime groups are using this new and improved version. Renée Burton, head of threat intelligence at Infoblox, tells Dark Reading that the team estimates there are less than a "few hundred" devices currently compromised by the RAT.
The researchers don't know which organizations are being targeted specifically, but Burton says they are most likely organizations considered to be of value to nation-state actors.
"Typically, this would be political targets or important enterprises, such as technology and critical infrastructure," Burton adds.
Once inside, the threat actor behind Decoy Dog can execute arbitrary code. What they are trying to do beyond that exactly isn't clear, "but we do know that the actor created special mechanisms for them to do anything they want," Burton adds.
"Although based on the open-source RAT Pupy, Decoy Dog is a fundamentally new, previously unknown malware with many features to persist on a compromised device," Infoblox said in an update this week. "Many aspects of Decoy Dog remain a mystery, but all signs point to nation-state hackers."
The malware strain leverages the domain name system (DNS) to establish command and control over the victim's systems, according to Infoblox.
"The lack of insight into underlying victim systems and vulnerabilities being exploited makes Decoy Dog an ongoing and serious threat," said Burton.
Updated 5 p.m. on July 25 with interview responses from Infoblox's Renée Burton.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024