A fallback domain is an alternate server address that malware can contact if its primary command-and-control channel is blocked, sinkholed, or taken offline. It is a resilience feature: the infected device can try another domain and still reach the operator.
In cyber security, fallback domains matter because they make disruption harder. Defenders may block a known primary domain, but the malware can switch to a backup and continue receiving instructions and updates or sending stolen data. Operators often hide this traffic inside ordinary-looking web requests or rotate through several domains to delay takedown. In real campaigns, including Android banking trojans, fallback infrastructure helps malware survive network filtering and user-report-driven blocking. Defenders look for domain patterns, unusual DNS lookups, and repeated contact attempts to identify and quarantine this behavior.
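
One way to hunt for the repeated-contact-then-switch pattern in DNS resolver logs, as an added example that is not part of the original page. The log format, the thresholds, and the `example.net`/`example.org` names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log: epoch_seconds client qname rcode
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1010 10.0.0.7 c2-primary.example.net NXDOMAIN
1040 10.0.0.7 c2-primary.example.net NXDOMAIN
1070 10.0.0.7 c2-primary.example.net NXDOMAIN
1075 10.0.0.7 c2-backup.example.org NOERROR
1080 10.0.0.5 typo-site.example.com NXDOMAIN
1200 10.0.0.5 www.example.com NOERROR
1300 10.0.0.7 c2-backup.example.org NOERROR
"""

FAILED = {"NXDOMAIN", "SERVFAIL", "REFUSED"}  # blocked or sinkholed lookups

def parse(log):
    """Yield (ts, client, qname, rcode) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        yield int(ts), client, qname.lower().rstrip("."), rcode.upper()

def find_fallback_switches(log, min_failures=3, window=60):
    """Return (client, failed_domain, new_domain) where a client failed at
    least min_failures times on one domain and then, within `window` seconds
    of the last failure, resolved a domain it had never queried before."""
    failures = defaultdict(lambda: defaultdict(list))  # client -> domain -> [ts]
    seen = defaultdict(set)                            # client -> domains queried
    findings = []
    for ts, client, qname, rcode in sorted(parse(log)):
        first_time = qname not in seen[client]
        seen[client].add(qname)
        if rcode in FAILED:
            failures[client][qname].append(ts)
            continue
        if not first_time:
            continue  # only a newly contacted domain counts as a switch
        for domain, stamps in failures[client].items():
            if (domain != qname and len(stamps) >= min_failures
                    and ts - stamps[-1] <= window):
                findings.append((client, domain, qname))
    return findings

if __name__ == "__main__":
    for hit in find_fallback_switches(SAMPLE_LOG):
        print("possible fallback switch:", hit)
```

A hit is a lead for triage, not proof: the client and the newly contacted domain still need to be checked against other telemetry before quarantine.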



