Detour Dog alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Detour Dog has shifted from traffic forwarding into malware distribution, expanding its role in the Strela Stealer delivery chain and increasing the reach of its infrastructure. The actor now uses DNS TXT records and compromised WordPress sites to host and relay the first-stage StarFish backdoor. Researchers found that at least 69% of confirmed StarFish staging hosts were under Detour Dog control. The change moves the operator from scam redirection toward a distribution-as-a-service model that can hide payload delivery behind compromised websites.
Related Happenings
Strela Stealer distributed through Detour Dog DNS-based delivery chain
Malware Activity
First: 03.10.2025 21:11
Last: 03.10.2025 21:11
Sources 1
How related:
Detour Dog-owned infrastructure, per the company, has been used to host StarFish, a simple reverse shell that serves as a conduit for Strela Stealer.
About this happening:
**Strela Stealer** is being delivered through a **Detour Dog**-controlled **DNS TXT record** chain that uses compromised websites and staged hosts, expanding the malware's reach a...
Timeline
- 03.10.2025 21:11 · 2 articles · 7mo ago
Initial report: Detour Dog alliance reshapes ransomware ecosystem operations
Initial Disclosure: Detour Dog first surfaced as a traffic-forwarding operator tied to scam redirection infrastructure. It later began hosting first-stage malware and using DNS-based commands to drive delivery.
- Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer — thehackernews.com — 03.10.2025 21:11
- Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer — thehackernews.com — 03.10.2025 21:11