Malware Now Knows If It’s Being Sandboxed

Sandboxing was one of the best ways to test the security of programs and files.  Until now…

As technological advancements continue to be made, malware authors aren’t far behind.  Malware creators are now finding ways to determine whether their malware is being installed on a virtual machine, or being “sandboxed”, and if so the malware lies dormant to avoid detection.

Many individuals use virtual machines to test potential malware samples.  They do this because running a sample on a virtual machine mitigates the risk of the malware spreading.  However, malware authors have now found a way to identify whether the malware is running on a virtual machine.  Upon recognizing that it is being sandboxed, the malware goes dormant.

One way, researchers have found, is for the malware to collect data from the “Recent Documents” list on the PC.  If there are more than a few documents there, then the machine is deemed a legitimate PC and the malware proceeds with the infection.  Now we’re thinking, if we just load up our virtual machines with “Recent Documents” they’ll never be the wiser.  Wrong.  According to Yahoo Tech, the anti-sandbox malware also detects the IP address of the system and cross-references it with a known blacklist of security firm addresses.  So if it finds itself in the midst of a security empire, it’ll again go into hiding.
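For analysts who maintain a sandbox image, the two signals described above can be audited before a sample is detonated. The following is an added example, not code from the article or from any vendor; the threshold of 5, the function names and the CIDR list are assumptions, and the sample data is constructed.

```python
import ipaddress
from pathlib import Path

# Assumption: the article only says "more than a few documents"; 5 is a placeholder.
MIN_RECENT_ITEMS = 5


def count_recent_items(recent_dir):
    """Count shortcut (.lnk) entries in a Windows 'Recent' folder
    (normally %APPDATA%\\Microsoft\\Windows\\Recent on the guest)."""
    p = Path(recent_dir)
    if not p.is_dir():
        return 0
    return sum(1 for f in p.iterdir() if f.is_file() and f.suffix.lower() == ".lnk")


def egress_in_attributable_range(egress_ip, org_cidrs):
    """Return the first CIDR attributable to the lab that contains egress_ip, else None."""
    ip = ipaddress.ip_address(egress_ip)
    for cidr in org_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version == net.version and ip in net:
            return cidr
    return None


def audit_sandbox(recent_dir, egress_ip, org_cidrs):
    """List the reasons this guest would look like an analysis machine."""
    findings = []
    n = count_recent_items(recent_dir)
    if n < MIN_RECENT_ITEMS:
        findings.append(f"recent-documents: only {n} entries (< {MIN_RECENT_ITEMS})")
    hit = egress_in_attributable_range(egress_ip, org_cidrs)
    if hit:
        findings.append(f"egress-ip: {egress_ip} is inside {hit}")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a sparse Recent folder and a documentation-range IP.
    with tempfile.TemporaryDirectory() as d:
        for name in ("report.docx.lnk", "notes.txt.lnk"):
            Path(d, name).touch()
        for line in audit_sandbox(d, "198.51.100.23", ["198.51.100.0/24"]):
            print("FINDING", line)
```

An empty result means the guest passes both checks; it does not mean the image is indistinguishable from a real workstation.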

