Evasive Malware Tag

(Major thanks to Lastline's Co-Founder and Chief Scientist Dr. Christopher Kruegel for the "heavy lifting" including the detailed Research Note and the data analysis that supports it.) That title may seem a bit, or even a lot, too friendly, considering that malware is certainly no friend of...

Authored by: Arunpreet Singh and Clemens Kolbitsch
The use of runtime packing of malware has long been the standard way to defeat traditional AV products. At the same time, malicious programs are continuously becoming more evasive to avoid being detected by first-generation sandboxes. New waves of malware are now combining these...

Authored by: Clemens Kolbitsch and Arunpreet Singh
Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This malware family, termed an Uber Patchwork of Malware Tools in a recent DarkReading post, combines a plethora of evasive tricks to bypass traditional analysis systems,...

Authored by: Arunpreet Singh, Clemens Kolbitsch
The Turla malware family is one of the most sophisticated malware families seen in the wild today. Given that the APT group behind this malware is suspected to be state-sponsored, the sophistication of the malicious code comes as no...

Authored by: Joe Giron, Clemens Kolbitsch
Waves of evasive malware keep rolling in. The latest in the series: Rombertik. This malware variant uses a whole arsenal of ways to hide its functionality, including multiple layers of obfuscation to hinder static analysis, as well as stalling code...

This afternoon at the RSA Conference in San Francisco, I will present on “Evasive Malware: Exposed and Deconstructed.” During that presentation, I’ll lead a discussion around the dramatic growth of evasive malware, the increasingly sophisticated behaviors observed in the past year, and what that means...

Advanced malware is behind many headline-grabbing data breaches, and untold others. It has evolved to elude detection by sensing its environment and, if anti-malware technology is detected, performing evasive maneuvers. Once it gains entry, the malware can lie dormant until the attacker chooses...

Many of today’s advanced persistent threats have been climbing up the ladder, quite literally: instead of using only user-mode components, APTs increasingly include components that run as part of the operating system kernel. These kernel components run with the...