MalwareHunterTeam discovered a new backdoor called Mozart that uses DNS to communicate with remote attackers, evading detection by security software and intrusion detection systems. The Mozart malware is believed to be distributed via phishing emails containing PDFs that link to a ZIP file located at https://masikini[.]com/CarlitoRegular[.]zip. The attackers store commands in DNS TXT records, which the malware retrieves and executes on the infected computer. If security software detects the malware's communication, it will block the connection and the malware that performed the request.
Source: https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/
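
Retrieving commands from TXT records leaves a trace in resolver logs: an endpoint repeatedly requesting the TXT record of the same name. The sketch below is an added example, not code from the article or from MalwareHunterTeam; the log format, the sample lines, the client allow-list and the repeat threshold are all assumptions.

```python
import re
from collections import Counter

# Constructed resolver log lines; assumed format:
# <ISO time> <client IP> <query type> <query name>
SAMPLE_LOG = """\
2020-02-25T10:00:01Z 10.0.0.5 A www.example.com
2020-02-25T10:00:02Z 10.0.0.7 TXT _dmarc.example.com
2020-02-25T10:00:05Z 10.0.0.9 TXT cmd.example.invalid
2020-02-25T10:01:02Z 10.0.0.7 TXT _dmarc.example.com
2020-02-25T10:05:05Z 10.0.0.9 TXT cmd.example.invalid
2020-02-25T10:06:10Z 10.0.0.5 TXT example.org
2020-02-25T10:07:02Z 10.0.0.7 TXT _dmarc.example.com
2020-02-25T10:10:05Z 10.0.0.9 TXT CMD.example.invalid.
malformed line here
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Z]+)\s+(\S+)$")


def parse(log_text):
    """Yield (client, qtype, qname) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, client, qtype, qname = m.groups()
            # DNS names are case-insensitive; drop the trailing root dot.
            yield client, qtype, qname.lower().rstrip(".")


def find_txt_polling(log_text, txt_allowed_clients=frozenset(), min_repeats=3):
    """Return (client, qname, count) where a client that is not expected to
    make TXT lookups asked for the same TXT record at least min_repeats times."""
    counts = Counter()
    for client, qtype, qname in parse(log_text):
        if qtype == "TXT" and client not in txt_allowed_clients:
            counts[(client, qname)] += 1
    return sorted((c, q, n) for (c, q), n in counts.items() if n >= min_repeats)


if __name__ == "__main__":
    # 10.0.0.7 is a hypothetical mail gateway that legitimately checks DMARC.
    for client, qname, n in find_txt_polling(SAMPLE_LOG, {"10.0.0.7"}):
        print(f"{client} requested TXT {qname} {n} times")
```

Hosts such as mail gateways look up TXT records routinely for SPF, DKIM and DMARC, so the allow-list is what keeps the alert volume low enough to review.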

