From ‘Evasive Techniques: An Introduction,’ a 2016 whitepaper from Minerva Labs. The company’s Co-Founder and VP of Research, Omri Moyal, is speaking in the ‘Cloud & Data Storage’ session at the upcoming NetDiligence Cyber Risk & Privacy Liability Forum.
[M]any malware authors are similar to legitimate software companies. They aspire to be a profitable venture – either by running a shady operation of their own or, as in the malware-as-a-service (MaaS) “business model” – and to offer a superior product to their clients.
Evasive techniques are just one aspect of malware, but they are unique. At the moment we are witnessing a direct arms race between “good and evil”, with each new malware adding more and more sophisticated tests to be performed prior to the deployment of a payload. Internal competition between “malware vendors” just increases the number of techniques added to malware, as “clientele” often prefer the product offering the highest count of evasion techniques.
This explosion in the number of evasive techniques looks frightening at first sight, but it creates new opportunities for defenders as well.