Cybercriminals looking to maximize their investments are using ever more sophisticated software techniques and taking increasingly aggressive steps against their fellow malware authors. Those are among the conclusions reached by researchers at Deep Instinct about a new strain of malware found within the last two months.
The new malware, dubbed Mylobot, pulls together a variety of techniques to gain a foothold and remain undiscovered. Among the strategies employed are:
- Anti-VM techniques
- Anti-sandbox techniques
- Anti-debugging techniques
- Wrapping internal parts with an encrypted resource file
- Code injection
- Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
- Reflective EXE (executing EXE files directly from memory, without having them on disk)
- A 14-day delay before accessing its C&C servers
“On a daily basis we come across dozens of highly sophisticated samples, but this one is a unique collection of highly advanced techniques,” says Arik Solomon, vice president of R&D at Deep Instinct. “Each of the techniques is known and used by a few malicious samples, but the combination is unique.”
Read more from Dark Reading