8 most common malware evasion techniques
- Updated at March 18, 2021
- By Gatefy
- Blog, Threat Research
Malware evasion techniques are a real problem for cybersecurity.
After all, what matters to a malware author is keeping their creation invisible. When a sample first meets protection and analysis engines, such as a sandbox or an anti-virus, it needs to stay hidden and quiet. Later, once it has infected a device, it still needs to remain undetected, evading any tool that might locate it.
That’s what we call evasion techniques.
On the other hand, from a cybersecurity company's perspective, what matters to us is exactly the opposite. We work with different engines to detect and block malware, so that it becomes visible and can then be countered.
That’s why our team has to keep learning all it can about malware evasion.
Malware evasion techniques
Talking about malware evasion techniques is a bit like talking about Tom and Jerry: an endless chase, with one side always running after the other. That said, we've put together a list of the 8 most common evasion techniques used by malware.
1. Environmental awareness. The malware fingerprints the system it is running on (CPU count, memory size, uptime, hostnames, drivers and processes that reveal a virtual machine) to tell an analysis sandbox from a real victim's computer, and stays dormant if the environment looks artificial.
2. User interaction. A set of checks for signs of a human at the keyboard, such as mouse movement, clicks and scrolling. Automated sandboxes rarely produce any, so the malware waits for them before acting.
3. Domain and IP identification. The malware compares the machine's public IP address, domain or DNS name with known security vendor networks and refuses to run, or behaves harmlessly, when it finds itself inside one.
4. Stegosploit. Hiding malicious code, or an entire payload, inside image files (steganography), so that what reaches the target looks like an ordinary picture to file-type scanning and to a human. Stegosploit is the best-known example, delivering browser exploit code in image pixel data.
5. Timing-based. The malware delays or schedules its behaviour: it may sleep, stall in long loops, or wait for a specific date, so that it does nothing during a sandbox's short analysis window and only takes action later, on the real victim.
6. Code obfuscation. Transformations that keep the code's behaviour but hide its intent, such as renamed symbols, junk instructions, flattened control flow and encoded strings, defeating signatures and slowing analysts down.
7. Code encryption. The malicious payload is stored encrypted and decrypted only in memory at run time, so the file on disk never contains the plaintext code a signature could match.
8. Code compression. Also called packing: the payload is compressed (often combined with encryption) and wrapped in a small stub that unpacks it at run time, which changes the file's bytes and hides the original code from static scanning.
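Items 1, 2 and 5 all come down to a handful of checks a sample runs before it detonates. The script below is an added example written for this article, not Gatefy's code and not taken from any malware family: it implements typical versions of those checks as functions over a host profile dictionary, so it can run offline, and shows the profile an analysis VM has to present to pass them. The thresholds, the profile field names and the two sample profiles are assumptions chosen for illustration; a real loader would fill the fields from OS APIs such as GetSystemInfo, GetTickCount, GetCursorPos and the registry.

```python
"""Sandbox-awareness checks (environment, user interaction, timing) and the
profile an analysis VM needs to show to pass them.

Added example for this article. Thresholds are assumptions based on the
values commonly seen in public anti-sandbox research, not a specification.
"""
import time

# Assumed thresholds: roughly what anti-analysis samples tend to use.
MIN_CPUS = 2
MIN_RAM_GB = 4
MIN_UPTIME_MIN = 10
MIN_RECENT_DOCUMENTS = 5
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "xen",
              "hyper-v", "sandbox", "cuckoo")


def environment_checks(profile: dict) -> list:
    """Technique 1: does the hardware/OS look like a throwaway analysis VM?
    Returns the names of the checks that fired (empty list = looks real)."""
    fired = []
    if profile["cpus"] < MIN_CPUS:
        fired.append("few_cpus")
    if profile["ram_gb"] < MIN_RAM_GB:
        fired.append("little_ram")
    if profile["uptime_min"] < MIN_UPTIME_MIN:
        fired.append("fresh_boot")
    # Hostname, adapter, driver and process names are searched for VM vendors.
    haystack = " ".join(profile["names"]).lower()
    if any(marker in haystack for marker in VM_MARKERS):
        fired.append("vm_artifact")
    if profile["recent_documents"] < MIN_RECENT_DOCUMENTS:
        fired.append("unused_machine")
    return fired


def interaction_checks(profile: dict) -> list:
    """Technique 2: an automated sandbox rarely moves the mouse or clicks."""
    fired = []
    if profile["mouse_moves"] == 0:
        fired.append("no_mouse_movement")
    if profile["clicks"] == 0:
        fired.append("no_clicks")
    return fired


def sleep_was_accelerated(seconds: float = 0.2) -> bool:
    """Technique 5: sandboxes often patch Sleep() so a long delay does not
    burn the analysis window. A sleep that returns in well under the
    requested time on the monotonic clock reveals the patch.
    This really sleeps, so the caller pays `seconds`."""
    start = time.monotonic()
    time.sleep(seconds)
    return (time.monotonic() - start) < seconds / 2


def looks_like_sandbox(profile: dict) -> bool:
    """Combined verdict; most samples abort on a single failed check."""
    return bool(environment_checks(profile) or interaction_checks(profile))


# Constructed profiles (illustrative values, not real measurements).
DEFAULT_SANDBOX = {              # a VM spun up with default settings
    "cpus": 1, "ram_gb": 2, "uptime_min": 1,
    "names": ["WIN-SANDBOX01", "VBoxService.exe", "VirtualBox Graphics Adapter"],
    "recent_documents": 0, "mouse_moves": 0, "clicks": 0,
}
HARDENED_SANDBOX = {             # same VM after the analyst made it look used
    "cpus": 4, "ram_gb": 8, "uptime_min": 180,
    "names": ["DESKTOP-7F3KQ2", "Intel(R) HD Graphics", "svchost.exe"],
    "recent_documents": 23, "mouse_moves": 14, "clicks": 3,
}

if __name__ == "__main__":
    for label, prof in (("default", DEFAULT_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(label, environment_checks(prof) + interaction_checks(prof),
              "-> sandbox" if looks_like_sandbox(prof) else "-> looks real")
    print("sleep accelerated on this host:", sleep_was_accelerated())
```

The hardened profile is the practical takeaway for the defender: an analysis VM with several cores, a few gigabytes of RAM, a realistic uptime, a populated recent-documents list, simulated mouse activity and no vendor strings in its hostname, devices or process list passes every check here, while a default VM fails all of them. The sleep check is the one that cannot be fixed by configuration alone: the sandbox must either let the sleep happen or fake the monotonic clock consistently.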
Cybercriminals rarely use one technique alone. Quite the opposite: most malware is built to combine several of them, so it copes with different situations and has a greater chance of success. The good news is that the security community is on the lookout, constantly studying these evasion methods and developing new ways of prevention.
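Obfuscation, encryption and compression (items 6 to 8) share one side effect a defender can key on: they raise the entropy of the bytes on disk. The script below is an added example written for this article, not Gatefy's detection engine: it computes Shannon entropy per byte, classifies a blob against a threshold, and scans in fixed windows so that a small encrypted payload hidden inside a large benign file is not diluted away. The 7.0 bits/byte threshold, the 1 KiB window and all sample data (a 32-symbol stand-in for code, a seeded random blob standing in for a well-encrypted payload, a toy XOR loader) are constructed assumptions for illustration.

```python
"""Entropy-based detection of compressed or encrypted payloads.

Added example for this article. Threshold, window size and sample data are
assumptions; the entropy calculation itself is the standard Shannon formula.
"""
import math
import random
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # assumption: common rule of thumb for "looks packed"
WINDOW = 1024             # assumption: scan granularity in bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (one value only) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Whole-blob verdict: packed/encrypted code sits near 8 bits/byte,
    plain code, strings and tables sit well below."""
    return "packed/encrypted" if shannon_entropy(data) > ENTROPY_THRESHOLD else "plain"


def high_entropy_windows(data: bytes, window: int = WINDOW) -> list:
    """Offsets of fixed-size, non-overlapping windows above the threshold.
    Scanning in windows matters: an encrypted blob that is a fifth of the
    file barely moves the whole-file figure but stands out locally."""
    return [off for off in range(0, len(data) - window + 1, window)
            if shannon_entropy(data[off:off + window]) > ENTROPY_THRESHOLD]


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR, the cheapest 'code encryption' a loader can use."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# --- constructed samples (deterministic, not real malware) ---
_rng = random.Random(1)
ALPHABET = bytes(range(0x20, 0x40))   # 32 printable bytes: stand-in for code/strings
LOW_ENTROPY = bytes(_rng.choice(ALPHABET) for _ in range(12288)) + b"\x00" * 4096
RANDOM_BLOB = bytes(_rng.getrandbits(8) for _ in range(2048))      # stand-in for a strongly encrypted payload
COMPRESSED = zlib.compress(LOW_ENTROPY, 9)                          # technique 8: packing
XOR_1BYTE = xor_encrypt(LOW_ENTROPY, b"\x5a")                        # technique 7 with a single-byte key
XOR_64BYTE = xor_encrypt(LOW_ENTROPY, bytes(_rng.getrandbits(8) for _ in range(64)))
EMBEDDED = LOW_ENTROPY[:4096] + RANDOM_BLOB + LOW_ENTROPY[:4096]     # payload hidden inside benign-looking data

if __name__ == "__main__":
    for name, blob in (("plain", LOW_ENTROPY), ("compressed", COMPRESSED),
                       ("xor-1byte", XOR_1BYTE), ("xor-64byte", XOR_64BYTE),
                       ("random", RANDOM_BLOB), ("embedded", EMBEDDED)):
        print(f"{name:11s} {shannon_entropy(blob):.2f} bits/byte -> {classify(blob)}")
    print("high-entropy windows in embedded:", high_entropy_windows(EMBEDDED))
```

Two caveats fall out of the samples. A single-byte XOR key only permutes byte values, so the entropy is identical to the plaintext's and this detector is blind to it (string and frequency analysis catch it instead); a longer key, real encryption or a packer pushes the figure toward 8. And whole-file entropy of the embedded sample stays "plain" while the window scan flags exactly the two windows covering the hidden payload, which is why scanners look at sections and windows rather than the file as a whole. Legitimate compressed resources, installers and media also score high, so entropy is a triage signal to combine with other evidence, not a verdict on its own.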