New Remote Access Trojan (RAT) uses DNS queries to conduct malicious PowerShell commands on compromised computers. DNSMessenger attack is completely Fileless, as it does not involve writing files to the targeted system; instead, it uses DNS TXT messaging capabilities to fetch malicious. commands stored remotely as DNS. commands. This feature makes it invisible to standard anti-malware defenses. The attack is being distributed through an email phishing campaign, but is not the first time when the malware was used in a small number of targeted attacks.
Source: https://thehackernews.com/2017/03/powershell-dns-malware.html