Your mouse may actually be a RAT in disguise
Security
researchers have discovered a Trojan that attaches its malicious code
to routines normally used only to control the inputs from mouse clicks.
The tactic is designed to smuggle malicious code past automated threat analysis systems. During such procedures there's no user input and certainly no mouse moving and clicking. The malicious code is designed to remain inactive unless the mouse itself is in use, giving a fair chance that the RAT (remote access Trojan) will remain undetected.
The
growing volume of malware means automated threat analysis systems are
increasingly important. Only the more unusual analysis work gets passed
on to human analysts. Even if the mouse-attached RAT gets caught out at
this stage it still gains extra longevity. The development means that
anti-virus firms will probably need to include a virtual mouse clicker
and nudger in their automated analysis routines.
The sneaky mouse-hogging malware was detected by security researchers at Symantec. The security giant has also come across strains of malware that use "sleep mode" to evade dynamic analysis systems.
A detailed write-up of both (unnamed) threats can be found in a blog post here
The tactic is designed to smuggle malicious code past automated threat analysis systems. During such procedures there's no user input and certainly no mouse moving and clicking. The malicious code is designed to remain inactive unless the mouse itself is in use, giving a fair chance that the RAT (remote access Trojan) will remain undetected.
The sneaky mouse-hogging malware was detected by security researchers at Symantec. The security giant has also come across strains of malware that use "sleep mode" to evade dynamic analysis systems.
A detailed write-up of both (unnamed) threats can be found in a blog post here
Comments
Post a Comment