Malware is an umbrella term for malicious programs that are delivered to and installed on end-user systems and servers. Malware is commonly grouped into categories such as:

  • Ransomware: Encrypts or otherwise blocks access to files until a fee is paid.
  • Backdoors: Give a remote attacker access to a system, from which they can possibly move laterally.
  • Banking Trojans: View or steal banking credentials in order to access accounts.
  • Keyloggers: Capture keystrokes, especially credentials.
  • Stealers: Steal data such as contacts, browser-saved passwords, etc.
  • RAT: Remote access tools that give an attacker broad remote control of a system.
  • Downloaders: Download and run other malware, with the payload chosen according to a number of factors.
  • POS: Compromise a point-of-sale device to steal credit card numbers, debit card numbers and PINs, transaction history, and more.

More sophisticated types of malware will combine the capabilities of more than one of the above, and we frequently see malware employing evasion tactics to avoid detection.

A snippet of variable initialization code from the large array of encoded strings
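The caption above refers to a sample that initialises a large array of encoded strings, which is the most common form of the code obfuscation discussed in the next section. As an added example (not code from this page or from any analysed sample), the block below shows the two sides of that technique: the build-time encoder and run-time decoder a malware author would embed, and the analyst-side bulk decoder and known-plaintext key recovery used to dump the array. The encoding scheme (repeating-key XOR followed by base64), the key and the sample strings are all constructed for illustration.

```python
"""Added example (not from the original page): string-array obfuscation
as used by malware loaders, and the analyst-side recovery of the strings.

The scheme (repeating-key XOR, then base64), the key and the sample
strings are constructed for illustration; real families vary widely.
"""
import base64
from itertools import cycle
from typing import List, Optional

KEY = b"k3y"  # constructed, hypothetical per-sample key


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key (symmetric: encodes and decodes)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def encode_string(plain: str, key: bytes = KEY) -> str:
    """Build-time step: XOR then base64, so the literal never appears in
    the binary and cannot be matched by a string-based signature."""
    return base64.b64encode(xor_bytes(plain.encode(), key)).decode()


def decode_string(blob: str, key: bytes = KEY) -> str:
    """Run-time stub embedded in the sample: undo base64, then XOR.
    validate=True makes non-base64 input raise instead of silently
    decoding to an empty string."""
    return xor_bytes(base64.b64decode(blob, validate=True), key).decode()


# The "large array of encoded strings" a loader initialises at start-up.
# Built here from plaintext so the example is self-contained; in a real
# sample only the encoded blobs are visible.
PLAIN_STRINGS = [
    "kernel32.dll",
    "VirtualAlloc",
    "http://example.invalid/gate.php",  # constructed C2 placeholder
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
]
ENCODED_STRINGS = [encode_string(s) for s in PLAIN_STRINGS]


def recover_all(encoded: List[str], key: bytes) -> List[str]:
    """Analyst-side bulk decoder: given the array and the recovered key,
    dump every string. An undecodable entry is kept as a marker rather
    than raising, so one bad entry does not abort the whole dump."""
    out = []
    for blob in encoded:
        try:
            out.append(decode_string(blob, key))
        except (ValueError, UnicodeDecodeError):
            out.append(f"<undecodable: {blob}>")
    return out


def recover_key(blob: str, known_plain: str, key_len: int) -> Optional[bytes]:
    """Known-plaintext attack on repeating-key XOR: XOR the ciphertext with
    a string the sample almost certainly contains (e.g. a DLL name) to get
    the key stream, then check that the stream repeats with period key_len."""
    raw = base64.b64decode(blob, validate=True)
    plain = known_plain.encode()
    if len(plain) > len(raw):
        return None
    stream = xor_bytes(raw[: len(plain)], plain)
    candidate = stream[:key_len]
    if all(stream[i] == candidate[i % key_len] for i in range(len(stream))):
        return candidate
    return None


def find_key(blob: str, known_plain: str, max_len: int = 8) -> Optional[bytes]:
    """Try key lengths from 1 upward and return the shortest that fits."""
    for n in range(1, max_len + 1):
        key = recover_key(blob, known_plain, n)
        if key is not None:
            return key
    return None


if __name__ == "__main__":
    key = find_key(ENCODED_STRINGS[0], "kernel32.dll")
    print("recovered key:", key)
    for s in recover_all(ENCODED_STRINGS, key):
        print(" ", s)
```

The known-plaintext step only works when the key is shorter than the guessed string and repeats within it; against a per-string key or a proper stream cipher the analyst has to recover the key from the decoding stub itself instead.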


Malware Evasion Techniques

Evasion techniques are an important malware topic: the effectiveness of security tools drops when attackers apply one or more of them successfully. A subset of the techniques Proofpoint's malware protection suite is built to counter is listed below:

  • Code obfuscation: Encoding or restructuring code so that its syntax and strings are not recognisable to signatures or to an analyst.
  • Code compression: Packing code with formats like gzip, zip, rar, etc., so the original syntax is not visible until it is unpacked.
  • Code encryption: Applying any number of encryption techniques to hide code syntax until it is decrypted at run time.
  • Steganography: Hiding code or programs inside images.
  • Domain or IP range avoidance: Identifying domains or IP ranges owned by security companies and deactivating the malware when it finds itself there.
  • User action detection: Looking for human activity such as right or left clicks, mouse movement, and more, which an automated sandbox generates little of.
  • Time delays: Lying dormant for a period of time before activating, so that a sandbox with a short analysis window never sees the payload.
  • Recent file detection: Checking for traces of past activity, such as recently opened and closed files from multiple applications, which a freshly provisioned analysis image lacks.
  • Device fingerprinting: Only executing on certain system configurations.

Attackers can combine one or more of these techniques to give their malware a better chance of avoiding detection and of running only on systems operated by real humans rather than in automated analysis environments.
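To make the environment checks in the list above concrete, the following added example (not code from this page or from any malware family) models them as rules over a snapshot of the host. The snapshot is injected rather than read from the live machine, so the same rule set can be run offline against a sandbox image's settings and show which check would keep a payload from ever detonating. The field names, thresholds, avoided network range and domain suffixes are all constructed for illustration.

```python
"""Added example (not from the original page): the sandbox-evasion checks
(time delay, recent files, user action, domain/IP avoidance, device
fingerprinting) modelled as rules over a host snapshot.

Field names, thresholds, the avoided network and the domain suffixes are
constructed for illustration and do not come from any specific family.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed: ranges/domains an author believes belong to analysis
# vendors. Documentation-only values, not real vendor infrastructure.
AVOID_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
AVOID_DOMAIN_SUFFIXES = ("sandbox.example", "lab.example")


@dataclass
class HostSnapshot:
    uptime_seconds: int           # time delay: sandboxes run minutes, not days
    recent_documents: int         # recent files: real users leave a trail
    mouse_moves_last_minute: int  # user action: humans move the mouse
    public_ip: str                # IP range avoidance
    dns_domain: str               # domain avoidance (host's DNS/AD domain)
    cpu_cores: int                # device fingerprint: sandboxes are small VMs
    ram_gb: int
    disk_gb: int


def sandbox_indicators(host: HostSnapshot) -> List[str]:
    """Return the name of every rule that flags this host as an analysis
    environment. An empty list means the payload would run."""
    hits = []
    if host.uptime_seconds < 10 * 60:
        hits.append("time_delay:uptime_under_10_minutes")
    if host.recent_documents < 5:
        hits.append("recent_files:fewer_than_5_recent_documents")
    if host.mouse_moves_last_minute == 0:
        hits.append("user_action:no_mouse_movement")
    addr = ipaddress.ip_address(host.public_ip)
    if any(addr in net for net in AVOID_NETWORKS):
        hits.append("ip_avoidance:address_in_vendor_range")
    if host.dns_domain.endswith(AVOID_DOMAIN_SUFFIXES):
        hits.append("domain_avoidance:vendor_domain")
    if host.cpu_cores < 2 or host.ram_gb < 4 or host.disk_gb < 60:
        hits.append("fingerprint:undersized_vm")
    return hits


def would_detonate(host: HostSnapshot) -> bool:
    """The malware's decision: run only when no rule fires."""
    return not sandbox_indicators(host)


# Constructed snapshots: a default analysis VM, and the same VM after the
# sandbox operator has addressed each check.
NAIVE_SANDBOX = HostSnapshot(
    uptime_seconds=90, recent_documents=0, mouse_moves_last_minute=0,
    public_ip="203.0.113.7", dns_domain="vm1.sandbox.example",
    cpu_cores=1, ram_gb=2, disk_gb=40,
)
HARDENED_SANDBOX = HostSnapshot(
    uptime_seconds=3 * 24 * 3600, recent_documents=40, mouse_moves_last_minute=12,
    public_ip="198.51.100.20", dns_domain="corp.example.org",
    cpu_cores=4, ram_gb=16, disk_gb=250,
)

if __name__ == "__main__":
    for name, host in (("naive", NAIVE_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(name, "detonates:", would_detonate(host), sandbox_indicators(host))
```

Any non-empty result against a sandbox image's real values is a configuration the image should change before it is trusted to observe a sample. Note that the time-delay rule is the weakest of the set as modelled here: many sandboxes also accelerate sleeps, and malware counters that by comparing wall-clock time against an expected delay, which a static uptime threshold does not capture.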

Malware attacks within organisations

Malware has been seen attacking organisations in nearly every vertical. While some criminals use malware to attack an organisation directly, we have also seen malware attacks that attempt to sidestep the normal delivery route of email.

Companies that rely on the exchange of external documents have proven to be good targets for criminals. Because every organisation depends on people, criminals have used the HR function as a route for malware attacks on targeted companies. By uploading a resume directly or sending it through a recruiting job site, attackers deliver malicious resumes straight to employees while avoiding a key detection mechanism, the secure email gateway.

