Outside-the-box malware is getting more common, security researchers warn

Malware authors have been experimenting with unusual malware formats, presenting new challenges for the security industry.

Most malware authors have become lazy in the past few years, copying code and techniques from each other. A few, however, “have invested in really fresh ideas,” building tools that are often difficult to detect by antivirus software and pose challenges to human researchers, Aleksandra Doniec, malware intelligence analyst at Malwarebytes, tells CSO.

Doniec worked with Mark Lechtik, malware research team leader at Check Point, to analyze several outside-the-box samples. The two researchers presented their findings during Kaspersky Lab’s SAS 2019 conference on April 10 in Singapore to raise awareness on the rise of what they call “funky malware formats”—malware that breaks traditional rules and comes in different shapes and sizes.

In the last few years, the researchers looked at different kinds of unusual malware, from those using niche file types to malware that unusually alters the format of a binary file. “In a sense, these are a spark of creativity for those people who do malware software development, who want to be thought leaders in their own field,” Lechtik said.

Creative malware can be the work of any hacking group, not just resourceful nation-state actors, according to the researchers. “Truth is that you would also come across quite a few cases where cybercriminals would leverage [funky malware] formats to remain undetected and evade security products,” Lechtik said.

Among the victims of such attacks were probably banks, Asian companies and activists, the two researchers said in their presentation.
