[HN Gopher] Phantom Malware: Conceal malicious actions by imitating user activity
___________________________________________________________________
Phantom Malware: Conceal malicious actions by imitating user activity

Author : MalwareGuy
Score  : 65 points
Date   : 2021-01-31 18:04 UTC (4 hours ago)

web link (ieeexplore.ieee.org)

rychco wrote:
| The author also created a video demonstrating a PoC
| https://youtu.be/uf08omKOoxY

sabas123 wrote:
| Imitating users to avoid detection isn't really a new technique

dang wrote:
| Submitted title was "New powerful malware obfuscation technique". Submitters: please don't do that. The site guidelines ask: "_Please use the original title, unless it is misleading or linkbait; don't editorialize._"
|
| https://news.ycombinator.com/newsguidelines.html
|
| We've changed the title above to the article title now (shortened to squeeze into HN's 80 char title limit.)

unnouinceput wrote:
| All these techniques are based on the malicious software already having access to the system. As Raymond said, "you're already on the other side of the airtight door".
|
| Perhaps instead of relying on antivirus/antimalware programs to protect you, better educate the user. In no future time will there ever exist a program that is 100% idiot proof ("the Universe will always come with a better idiot" - quote from somebody way smarter than me)

  px43 wrote:
  | Or maybe instead of educating the users we should be educating the criminals so they can get paid to work on more productive things. Lots of solutions here.

    etiam wrote:
    | I like the basic idea, but at least if educating is to be understood as imparting trade knowledge and/or skills, I seriously doubt that that particular deficit is what is keeping most of those people off the straight and narrow.

px43 wrote:
| Unless you're using publicly available malware that is known to be used for crime, AV isn't going to detect anything. That's how it works, and that's how it has to work.
|
| I haven't fully read through the paper, but it doesn't look much different than what attackers have been doing with compiled AutoIT binaries for decades.
|
| If it's on Github I'd be interested in looking at the code. If not, it seems like just another academic paper misunderstanding the real problems faced by both attackers and defenders.

  teilo wrote:
  | Next-gen AV does not rely on signatures to detect malware so much as heuristics on steroids. I am especially familiar with SentinelOne. It can detect 0-day ransomware, for example, as soon as it tries to encrypt files, and stop it in its tracks. Any product that does rely on signatures is useless these days.
___________________________________________________________________