How Today’s Hackers Hide Their Malware

image provided by pixabay


In the early days of the internet, sending malicious files to an unsuspecting victim was easy: many users ran no defenses on their computers at all. Today, Microsoft Defender and similar endpoint protection usually flag known hacking tools as malicious and quarantine them, so attackers have to work harder to keep their malware from being noticed.

One classic concealment technique is steganography: hiding malicious code or data inside seemingly innocent carrier files such as images and audio. Unlike cryptography, which scrambles content, steganography hides the fact that any content is there at all, which is what lets the carrier pass casual inspection. According to Cybernews, up to 50% of steganography attacks now target industrial organizations. For example, attackers abuse WinRAR by building archives in which a malicious script or executable is presented as an image; when the victim opens the "image" from the archive, the malicious code runs in the background. Strictly speaking that is file disguise rather than steganography, since nothing is hidden inside the image data, but the effect on the victim is the same.

The best-known variant is LSB (Least Significant Bit) steganography, which hides code or data in the pixels of an image: the payload is converted to a bit string, and each bit overwrites the least significant bit of a pixel value. Because only the lowest bit of each sample changes, the picture looks identical to the eye and keeps its size and format. A small extractor later reads the bits back in order and reassembles the payload. Experts cited by Cybernews reassure that an up-to-date antivirus, file scanning enabled, and an active firewall keep most users safe from steganography attacks. The caveat a practitioner should keep in mind is that the carrier image itself is inert; the hidden payload only becomes dangerous when an extractor runs it, so detection rests on catching that loader rather than the image.
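The following is an added example, not code from the Cybernews overview, showing LSB embedding and extraction end to end. The "image" is a constructed grayscale gradient held as a flat list of 8-bit pixel values so it runs without an image library; `make_cover`, `embed_lsb`, `extract_lsb`, the 4-byte length header and the `calc.exe` payload string are all assumptions of this example. It also shows why a naive byte-signature scan of the carrier never sees the payload: each payload bit lives in a different byte.

```python
# Added example (not from the Cybernews overview): LSB steganography over a
# constructed grayscale "image", represented as a flat list of 8-bit pixel values
# so it runs without an image library. In a real image the same bits would be
# spread over the colour channels of each pixel.


def make_cover(n_pixels: int) -> list[int]:
    """Constructed cover image: a simple gradient, deterministic so the example
    is reproducible. Real attacks use an ordinary photo."""
    return [(i * 37) % 256 for i in range(n_pixels)]


def embed_lsb(pixels: list[int], payload: bytes) -> list[int]:
    """Hide payload in the least significant bit of each pixel.

    A 4-byte big-endian length header goes first so the extractor knows how
    many bytes to read back; one pixel carries one bit."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError(f"cover too small: need {len(bits)} pixels, have {len(pixels)}")
    stego = list(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return stego


def extract_lsb(pixels: list[int]) -> bytes:
    """Reverse of embed_lsb: read the length header, then that many payload bytes."""
    def read_bytes(first_pixel: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[first_pixel + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)   # the header occupies the first 32 pixels


def max_pixel_delta(a: list[int], b: list[int]) -> int:
    """How much any single pixel changed: LSB embedding never exceeds 1."""
    return max(abs(x - y) for x, y in zip(a, b))


def contains_signature(pixels: list[int], signature: bytes) -> bool:
    """Naive byte-pattern scan, the kind of check a signature scanner applies
    to a file. The payload is spread one bit per byte, so it never appears
    as a contiguous run in the carrier."""
    return signature in bytes(pixels)


if __name__ == "__main__":
    cover = make_cover(64 * 64)
    payload = b"calc.exe"            # constructed stand-in for a real payload
    stego = embed_lsb(cover, payload)
    print("recovered:", extract_lsb(stego))
    print("max pixel change:", max_pixel_delta(cover, stego))
    print("signature visible in carrier bytes:", contains_signature(stego, payload))
```

Run it as a script: the payload round-trips, no pixel moves by more than 1, and the byte-pattern scan of the stego image comes back negative. That last line is the practical point of the paragraph above: what an engine can catch is the extractor that turns the bits back into a file, not the image.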

Another concealment technique is file fragmentation (file splitting): the malware is cut into several smaller pieces that are stored as separate files, often in different locations on the operating system. No single piece contains enough of the malware for a signature match, so each one looks innocent to the computer's defenses. A script later reads the pieces back in the right order and reassembles the complete file before running it.
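As an added example (not code from the Cybernews overview), the block below shows the evasion and its counter in one place: a constructed 104-byte "malicious file" containing a stand-in signature string, a `fragment` routine that cuts it into pieces smaller than the signature, a `reassemble` loader that verifies a SHA-256 before joining, and a junction-aware scan that carries the tail of each piece into the next so a pattern straddling a boundary is still found. `SIGNATURE`, `SAMPLE_PAYLOAD` and the function names are assumptions of this example.

```python
# Added example (not from the Cybernews overview): how file fragmentation
# defeats per-file signature matching, and the junction-aware scan that
# catches it. All byte strings are constructed stand-ins.
import hashlib

SIGNATURE = b"MALWARE-SIGNATURE-STRING"            # stand-in for a scanner's 24-byte pattern
SAMPLE_PAYLOAD = b"A" * 40 + SIGNATURE + b"B" * 40  # stand-in for a 104-byte malicious file


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def signature_hits(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Per-file scan: the check a simple signature engine applies to one file on disk."""
    return signature in blob


def fragment(blob: bytes, n_parts: int) -> list[bytes]:
    """Cut blob into n_parts near-equal pieces. Each piece would be written out
    as its own innocent-looking file; the order is what the loader must know."""
    size = -(-len(blob) // n_parts)   # ceiling division
    return [blob[i:i + size] for i in range(0, len(blob), size)]


def reassemble(parts: list[bytes], expected_sha256: str) -> bytes:
    """The loader script's job: join the pieces in order and verify integrity
    before anything is executed, so a missing or reordered piece is noticed."""
    blob = b"".join(parts)
    if sha256_hex(blob) != expected_sha256:
        raise ValueError("reassembled file does not match expected hash")
    return blob


def scan_fragments_with_overlap(parts: list[bytes], signature: bytes = SIGNATURE) -> bool:
    """Defender's counter: scan the fragments in order, carrying the last
    len(signature)-1 bytes of the previous piece so a pattern that straddles a
    boundary is still seen. Assumes the defender has recovered the order."""
    carry = b""
    for part in parts:
        window = carry + part
        if signature in window:
            return True
        carry = window[-(len(signature) - 1):] if len(signature) > 1 else b""
    return False


if __name__ == "__main__":
    digest = sha256_hex(SAMPLE_PAYLOAD)
    parts = fragment(SAMPLE_PAYLOAD, 8)   # 13-byte pieces, each smaller than the 24-byte signature
    print("whole file flagged:      ", signature_hits(SAMPLE_PAYLOAD))
    print("any fragment flagged:    ", any(signature_hits(p) for p in parts))
    print("junction-aware scan:     ", scan_fragments_with_overlap(parts))
    print("reassembled == original: ", reassemble(parts, digest) == SAMPLE_PAYLOAD)
```

The design point is in `scan_fragments_with_overlap`: it only works once the defender knows which files belong together and in what order, which is exactly the information the attacker's reassembly script holds. In practice that makes the reassembly script, like the steganography extractor, the artifact worth hunting for.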

Droppers are a further category: a multi-stage delivery mechanism in which a small, innocuous-looking first stage waits for the attacker's instructions, then downloads and deploys the real malware, staying dormant until it is called into action. (Strictly, a dropper carries its payload inside itself while a downloader fetches it from the attacker; the term is used loosely for both.) Droppers are usually disguised as legitimate programs and commonly arrive bundled with other software, compressed inside pirated software, or as attachments in phishing emails.

This overview was provided by Cybernews.