A novel malicious remote administration tool using stealth and self-defense techniques

Kazoleas, Ioannis; Karampelas, Panagiotis

doi:10.1007/s10207-021-00559-2

Cited by 4 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DarkComet is a remote access trojan (RAT) application that operates covertly, collecting system information, user data, and network activity. RAT applications often employ packing techniques to evade detection [47]. DarkComet attempts to steal stored credentials.…”

Section: Unknown Packersmentioning

confidence: 99%

Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis

Alkhateeb,

Ghorbani,

Habibi Lashkari

2024

Information

View full text Add to dashboard Cite

This research addresses a critical need in the ongoing battle against malware, particularly in the form of obfuscated malware, which presents a formidable challenge in the realm of cybersecurity. Developing effective antivirus (AV) solutions capable of combating packed malware remains a crucial endeavor. Packed malicious programs employ encryption and advanced techniques to obfuscate their payloads, rendering them elusive to AV scanners and security analysts. The introduced research presents an innovative malware packer classifier specifically designed to adeptly identify packer families and detect unknown packers in real-world scenarios. To fortify packer identification performance, we have curated a meticulously crafted dataset comprising precisely packed samples, enabling comprehensive training and validation. Our approach employs a sophisticated feature engineering methodology, encompassing multiple layers of analysis to extract salient features used as input to the classifier. The proposed packer identifier demonstrates remarkable accuracy in distinguishing between known and unknown packers, while also ensuring operational efficiency. The results reveal an impressive accuracy rate of 99.60% in identifying known packers and 91% accuracy in detecting unknown packers. This novel research not only significantly advances the field of malware detection but also equips both cybersecurity practitioners and AV engines with a robust tool to effectively counter the persistent threat of packed malware.

show abstract

Section: Unknown Packersmentioning

confidence: 99%

Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis

Alkhateeb,

Ghorbani,

Habibi Lashkari

2024

Information

View full text Add to dashboard Cite

show abstract

“…Hence, they need to include finegrained details during code conversion. Smart malware such as SBTDDL [31] and Remote Administration Tool (RAT) [32] evades anti-malware. TaintDroid is an on-device, dynamic app privacy leakage detector.…”

Section: Related Workmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

Android Smartphone's popularity among users and developers is due to its open architecture and third-party apps. The exponential growth of third-party developer apps needs a robust code audit before upload. The weak program analysis at app stores adversely affects security. Third-party developers can update the app to introduce malicious activities. Sensitive sensor hardware and software resources are exfiltrated for leaking sensitive user data like messages, contacts, audio, and images. Malicious hidden features undermine user permission, including short message service (SMS), audio and video recording, voice calls, and image capturing. This paper treats the covert activities as called malicious features. The paper proposes a robust inter-component communication (ICC) based detection approach to identify such hidden functionality exploited by adversaries. The proposed technique detects sensitive features exploited by persistent malware without user knowledge. Despite the asynchronous characteristics of the ICC Application Programming Interface (API), we develop a precise ICC-based component-interaction graph (CIG) from the app bytecode. Moreover, we enrich the CIG with data flow analysis to identify the component reachability utilizing malicious features from legitimate user interactions. The proposed static app analysis framework identifies the prominent malware which exploits sensitive device resources. We assessed 25K benign and 13.3K malicious apps from 211 malware families with a classification rate of 0.40 % false positive (FP) and 0.37 % false negative (FN), better than existing state-of-the-art. In addition, we detect hidden features in unseen apps that subvert traditional antimalware.

show abstract

Proactive threat hunting to detect persistent behaviour-based advanced adversaries

Bhardwaj,

Bharany,

Almogren

et al. 2024

Egyptian Informatics Journal

View full text Add to dashboard Cite

A novel malicious remote administration tool using stealth and self-defense techniques

Cited by 4 publications

References 13 publications

Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis

Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Proactive threat hunting to detect persistent behaviour-based advanced adversaries

Contact Info

Product

Resources

About