
How Malware Authors Hide Communication Between Client-Side Exploit Code and Backend Servers
Malware, Cybersecurity, Phishing, Obfuscation
The author of the post wonders how malware authors hide communication between client-side exploit code and their backend servers. They question how attackers avoid revealing their identity when using Remote Access Trojans (RATs) and phishing emails. The author assumes that IP addresses or domain names must be present in the client-side program, even if they are obfuscated, and that the use of proxy servers could slow down an investigation.