CyberNews Briefs

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol

A new report by Netlab describes the first ever malware campaign to take advantage of the DNS over HTTPS (DoH) protocol. The campaign revolves around Godlua, a sophisticated malware strain that targets outdated Linux servers. Godlua is a backdoor, but also functions as a distributed denial-of-service (DDoS) bot.

After infecting a system, the malware sends out DoH requests to obtain the text records of a domain containing the address of a command and control (C&C) server, to which Godlua will then connect so that the threat actors can send it instructions. While this indirect approach of connecting to a C&C server isn’t new, previous campaigns involved regular (unencrypted) DNS requests instead of encrypted DoH queries that can bypass DNS monitoring solutions.
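From a detection standpoint, the point of interest is that the malware's TXT-record lookup travels inside HTTPS (RFC 8484 DoH), so a plain DNS sniffer never sees it. The following added example (not code from the Netlab report or from the Godlua campaign) shows what a defender can still inspect when a TLS-terminating proxy or a local agent exposes the DoH GET request: it decodes the base64url `dns=` parameter, parses the DNS wire-format question, and flags TXT queries. The resolver hostname, the client addresses and the `<client> GET <url>` log format are all constructed for the example.

```python
import base64
import struct
from urllib.parse import urlparse, parse_qs

# DNS record types relevant when inspecting DoH questions (RFC 1035 values)
QTYPE_NAMES = {1: "A", 16: "TXT", 28: "AAAA"}
QTYPE_TXT = 16


def build_dns_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 wire-format query; used here only to construct sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def parse_dns_question(msg: bytes):
    """Return (qname, qtype) from the first question of a DNS wire-format message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a well-formed question QNAME
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return ".".join(labels), qtype


def doh_get_question(url: str):
    """Decode the `dns=` parameter of an RFC 8484 DoH GET (base64url, padding stripped)."""
    params = parse_qs(urlparse(url).query)
    if "dns" not in params:
        return None
    b64 = params["dns"][0]
    b64 += "=" * (-len(b64) % 4)  # restore the padding base64url omits
    return parse_dns_question(base64.urlsafe_b64decode(b64))


def flag_txt_over_doh(log_lines):
    """Scan constructed '<client> GET <url>' proxy lines; return (client, qname) for TXT queries to /dns-query."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] != "GET":
            continue
        client, url = parts[0], parts[2]
        if urlparse(url).path != "/dns-query":
            continue
        try:
            question = doh_get_question(url)
        except ValueError:
            continue  # malformed DNS payload: not decodable, skip
        if question and question[1] == QTYPE_TXT:
            hits.append((client, question[0]))
    return hits


def _b64url(msg: bytes) -> str:
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode()


# Constructed sample log: one ordinary A lookup, one TXT lookup over DoH, one unrelated HTTPS request.
SAMPLE_LOG = [
    "10.0.0.5 GET https://doh.example.net/dns-query?dns=" + _b64url(build_dns_query("example.com", 1)),
    "10.0.0.7 GET https://doh.example.net/dns-query?dns=" + _b64url(build_dns_query("lookup.example.invalid", QTYPE_TXT)),
    "10.0.0.9 GET https://www.example.org/index.html",
]

if __name__ == "__main__":
    for client, name in flag_txt_over_doh(SAMPLE_LOG):
        print(f"TXT query over DoH from {client} for {name}")
```

The check only works where the HTTPS payload is visible (an inspecting proxy or an endpoint agent); where it is not, the fallback is to log and alert on connections to known DoH resolver endpoints and on the `application/dns-message` content type, since a server that has no reason to use DoH talking to one is itself the signal. POST-style DoH requests carry the same wire-format message as the body and can be fed straight to `parse_dns_question`.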

Read more: First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.