
Malware Exfiltrating Credentials Via DNS

Researchers from Alert Logic have discovered and reported on a malware campaign using DNS queries to exfiltrate credentials. The credentials are obtained from a backdoored SSH client on a victim system.

When the client connects to a remote server, the username, password, IP address of the remote server, and the local system's MAC address and domains are exfiltrated as three encoded strings inside a DNS query sent to attacker-controlled name servers.

Alert Logic has provided code for decoding the first of the three strings sent in the DNS query.
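The behaviour described above, an encoded payload carried in the labels of a DNS query, leaves a recognisable footprint in resolver logs. The following is an added detection example, written for this page and not code from Alert Logic or from the article; it does not attempt to decode the campaign's strings. It assumes a hypothetical log format of `<timestamp> <client-ip> <query-name> <query-type>`, treats the last two labels as the registrable domain (a real deployment would use the Public Suffix List), and uses constructed sample log lines with made-up domain names. It flags queries with unusually long labels, high-entropy subdomain text, deep subdomain nesting, and, per client and domain, a high count of unique subdomains, which exfiltration produces because each query carries different data.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log (not from the article). Assumed format:
# "<timestamp> <client-ip> <query-name> <query-type>". The exfil-example.net
# queries carry hex-looking payload labels; the others are ordinary lookups.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.com A
2024-01-01T10:00:02Z 10.0.0.5 mail.example.com MX
2024-01-01T10:00:03Z 10.0.0.7 d1f2a3b4c5d6e7f80910a1b2c3d4e5f6a7.3132372e.exfil-example.net A
2024-01-01T10:00:04Z 10.0.0.7 0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1.3139322e.exfil-example.net A
2024-01-01T10:00:05Z 10.0.0.5 cdn.example.org A
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(text):
    """Bits per character of the string; 0.0 for empty or single-symbol input."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (subdomain_labels, registered_domain).
    Assumption: the registrable domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def score_query(qname, max_label_len=30, max_labels=4, min_entropy=3.5):
    """Per-query heuristics. Returns the list of reasons (empty = nothing odd).
    The entropy check only runs on subdomain text of 16+ characters so that
    short names such as 'www' or 'mail' are never scored."""
    reasons = []
    sub, _ = split_name(qname)
    if any(len(label) > max_label_len for label in sub):
        reasons.append("long-label")
    if len(sub) + 2 > max_labels:
        reasons.append("deep-subdomain")
    payload = "".join(sub)
    if len(payload) >= 16 and shannon_entropy(payload) >= min_entropy:
        reasons.append("high-entropy")
    return reasons


def parse_log(log_text):
    """Yield (client, qname) for every line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            _, client, qname, _ = m.groups()
            yield client, qname


def unique_subdomain_counts(log_text):
    """Number of distinct subdomain prefixes seen per (client, registered domain)."""
    seen = defaultdict(set)
    for client, qname in parse_log(log_text):
        sub, domain = split_name(qname)
        if sub:
            seen[(client, domain)].add(".".join(sub))
    return {key: len(subs) for key, subs in seen.items()}


def analyze_dns_log(log_text, min_unique_subdomains=100, **thresholds):
    """Score every query and return {qname: [reasons]} for flagged queries only.
    The unique-subdomain signal has a deliberately high default because busy
    CDNs and mail providers legitimately use many hostnames."""
    counts = unique_subdomain_counts(log_text)
    flagged = {}
    for client, qname in parse_log(log_text):
        _, domain = split_name(qname)
        reasons = score_query(qname, **thresholds)
        if counts.get((client, domain), 0) >= min_unique_subdomains:
            reasons.append("many-unique-subdomains")
        if reasons:
            flagged[qname] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in analyze_dns_log(SAMPLE_DNS_LOG).items():
        print(name, reasons)
```

With the defaults only the two exfil-example.net queries are reported, each with `long-label` and `high-entropy`. Lowering `min_unique_subdomains` to 2 on this small sample would also flag example.com (two ordinary hostnames from one client), which is the usual trade-off: the unique-subdomain signal is strong over hours of traffic from one client to one domain, not over a handful of lines, so tune it against a baseline of your own resolver logs.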

Data exfiltration is any unauthorized movement of data. It is also known as data exfil, data exportation, data extrusion, data leakage and data theft.

Further details here.

Indicators of Compromise

C&C Servers

IP Addresses
Jason Davies

I am one of the editors here at I am a UK-based technology professional, with an interest in computer security and telecoms.
