Discovered just a few months ago, Decoy Dog, a remote access Trojan based on open-source Pupy malware, now boasts built-up persistence, leading some researchers to believe there’s a nation-state actor behind it.
The threat intelligence team at Infoblox continued to track Decoy Dog and report that at least three different cybercrime groups are using this new and improved version.
“Although based on the open-source RAT Pupy, Decoy Dog is a fundamentally new, previously unknown malware with many features to persist on a compromised device,” Infoblox said in an update this week. “Many aspects of Decoy Dog remain a mystery, but all signs point to nation-state hackers.”
The malware strain leverages the domain name system (DNS) to establish command and control over the victim’s systems, according to Infoblox.
“The lack of insight into underlying victim systems and vulnerabilities being exploited makes Decoy Dog an ongoing and serious threat,” said Renée Burton, head of threat intelligence at Infoblox.