Malware, Threat Intelligence

Novel Decoy Dog malware detailed

Substantial upgrades over the open-source remote access trojan Pupy RAT have been observed in the new Decoy Dog malware, which was initially discovered in April, according to The Hacker News. Infoblox researchers reported that Decoy Dog can transfer victims from one controller to another, in an effort to prolong the concealment of communications with impacted devices, and that it also enables arbitrary Java code execution and emergency controller communications. Decoy Dog also uses the Domain Name System (DNS) for command-and-control, and earlier disclosures of the operation prompted immediate modifications to the attack infrastructure. The origins of Decoy Dog remain uncertain, but certain state-sponsored threat groups are suspected of being behind the operation because of similarities in tactics. "The lack of insight into underlying victim systems and vulnerabilities being exploited makes Decoy Dog an ongoing and serious threat. The best defense against this malware is DNS," said Infoblox Head of Threat Intelligence Renee Burton.
