Uncovering Malware’s Tactics: 2 Techniques for Stealthy Evasion


Updated on:

I’ve seen a lot of different types of malware over the years. Some are fairly easy to detect and eradicate, while others can be incredibly stealthy. It’s these stealthy malware types that keep me up at night, as they can often infiltrate a system undetected for days, weeks, or even months before anyone even realizes they’re there.

In my work, I’ve found that the best way to combat these stealthy malware types is to understand their tactics. By knowing how they work, we can develop strategies to detect and prevent them from causing damage. In this article, I’m going to focus on two specific techniques that malware uses to evade detection: process hollowing and fileless malware. By understanding these tactics, you’ll be better equipped to protect your systems and data from harm. Let’s dive in.

What are two techniques that malware can use to avoid detection?

Malware creators are getting craftier when it comes to avoiding detection. In today’s digital age, businesses and individuals are under constant threat from malware attacks. Malware can wreak havoc on your systems, steal sensitive data, and potentially bring your operations to a standstill. Therefore it is essential to understand the techniques that malware uses to avoid detection.

  • Stegosploit
  • this method involves hiding malicious code in seemingly harmless images or videos. Malware developers often use steganography to embed their code within a media file. When the file is opened, the hidden code executes, and the damage is done. Users may not realize they’ve been infected until it’s too late.
  • Coding obfuscation, encryption, or compression
  • malware programmers can obfuscate their code to make it more difficult to detect. Obfuscation involves altering the code’s appearance, making it harder for security software to recognize it. Encrypted and compressed code is also harder to detect, making it more challenging to identify potential threats.
  • Additionally, here are some other techniques that malware can use to avoid detection:

  • Awareness of the environment (such as virtual machines) to avoid detection
  • Timing-based method (to avoid scan times and detection)
  • User interaction (phishing scams or social engineering)
  • Domain, IP identification, and internet connection (using dynamic URLs or Tor networks to disguise their location)
  • In conclusion, it’s important to stay vigilant and aware of the newest tactics that malware creators use to bypass detection. To protect yourself and your organization, it’s vital to keep your security software up-to-date, regularly back up your data, and educate yourself and your employees about the latest threats.

    ???? Pro Tips:

    Here are five tips related to malware detection:

    1. Encrypted Communication: One technique that malware can use to avoid detection is via encrypted communication. Encrypted communication makes it difficult to intercept and inspect traffic, and therefore malware can go unnoticed.

    2. Polymorphic Malware: Polymorphic malware is created to mutate and change its code frequently to evade detection. Using this technique, malware can avoid detection from signature-based detection tools.

    3. Rootkit Kits: A rootkit is a type of malware that is installed on a computer to gain administrator-level access. Rootkit kits provide a framework that can be customized to create more advanced malware and avoid detection.

    4. Fileless Malware: Fileless malware can run directly in memory without leaving any trace behind on the hard disk. As a result, traditional malware detection tools may be less effective in identifying fileless malware.

    5. Social Engineering: Malware can use social engineering techniques to deceive users into downloading the malware or bypassing antimalware tools. These attacks often come in the form of phishing emails, malicious links, and other tactics to trick users into installing the malware.

    Techniques used by malware to avoid detection

    Malware has always been a critical challenge for cyber security experts and organizations. It comes in many forms, including viruses, worms, Trojan horses, ransomware, spyware, and adware, with the goal of compromising data and causing harm to systems. One of the biggest challenges of detecting malware is that it is designed to remain undetected. Generally, malware uses sophisticated techniques to avoid detection by security software and experts. Here are seven techniques that malware uses to avoid detection:

    Importance of awareness of the environment

    The environment in which malware is running is significant as awareness of the system specifics can be used to detect or trap the malware. Malware can detect security software, and antivirus running on a compromised system, which is why specific information about the environment in which the malware is running is an important factor of detection. By understanding where and how the malware is behaving, system administrators can detect unusual behavior and activity which signals the presence of malware.

    Examples of Environmental awareness bullet points:

  • Information about OS and system architecture
  • List of running processes and services
  • Network Connections and properties

    Utilization of the timing-based method by malware

    The timing-based method is another technique utilized by malware to avoid detection. Malware may be programmed to pause or slow down its activity when it detects that the system is being monitored. This technique is used to deceive behavior-based detection systems that trigger alarms when too many actions happen in quick succession.

    Role of user interaction in avoiding detection

    Malware often relies on user interaction to initiate an attack. Attackers lure users into clicking on links or opening attachments that contain malicious files. Once the user interacts with the attack file, the malware is then triggered, and the attacker gains control of the victim’s system. Malware tactics often mimic legitimate files, which makes it hard to distinguish a malicious file from a real one.

    Domain, IP identification, and internet connection as evasion techniques

    Malware can often disguise its network traffic using various evasion tactics. For example, malware might use a domain or IP that is unfamiliar to deceive the security software. Malware often communicates with the attacker’s server to receive instructions and enable future attacks. This communication can be encrypted, or malicious traffic can be hidden inside legitimate traffic to avoid detection.

    Understanding the concept of Stegosploit

    Steganography is an approach that malware often uses as a method of avoiding detection. Steganography is the practice of hiding data within other data, often using glitches in image files. Stegosploit is a recently discovered technique that uses malvertising to infect systems with malware. Malvertising is where an attacker uses advertising to surreptitiously distribute malware and infect victims’ systems.

    Significance of coding obfuscation, encryption, or compression

    Malware operators often use coding methods like obfuscation, encryption, or compression to mask their activity. Obfuscation changes the code’s appearance to make it hard for security software to identify. Encryption hides the code’s contents, making it impossible for anyone without a secret key to decipher. Compression makes the code smaller, so it is harder to detect.

    Examples of Coding Obfuscation bullet points:

  • Re-naming variables
  • Breaking string up into pieces
  • Encoding the function

    Final thoughts on malware detection and prevention

    As malware continues to evolve, it becomes increasingly difficult to detect and protect against. Organizations must use a combination of different techniques and tools to protect their systems against attacks. Awareness of the environment, utilization of behavior-based detection, and the practice of network segmentation are effective ways to mitigate the damage caused by malware. Security software must also be well-maintained, and the latest updates and patches must be applied promptly. To prevent future malware attacks, organizations need to invest in employee education and invest in appropriate security measures such as firewalls and security update monitoring.