Skip to main content
  1. Home
  2. Computing
  3. News

Malware can now detect virtual machines, and then go dark like a Cold War spy

Jon Martindale
By

Radek Gryzbowski/Unsplash
One of the more effective ways to counter a malware infection is to make sure that it infects something that can’t have much of an influence on the rest of the system, like a sandboxed virtual machine. However as malware continues to evolve, its creators are now discovering ways to detect whether it is simply wasting its time infecting virtual machines, so it can go after more legitimate targets.

Discovered by Caleb Fenton with security firm SentinelOne (via ThreatPost), this new form of malware is able to sniff out that it currently resides on a virtual machine. Purportedly it does this by analyzing the number of documents on the machine. Low numbers would suggest some form of testing environment, which could tip it off that it’s sandboxed.

Recommended Videos

After making such a discovery, the malware becomes dormant, deliberately hiding itself as best as possible to avoid any detection techniques by potential security staff or automated tools. Although that particular piece of malware may become redundant to the creator at that point, avoiding detection is incredibly important in such a situation.

Related: Warning from police: Never plug in a USB stick you get in the mail

Since security researchers can use virtual machines to learn a lot about a piece of malware without risking any spread of infection, keeping the nefarious software under wraps allows its clones to proliferate in the wild for a little while longer.

In one specific example that Fenton discovered, the malware would search a machine for Microsoft Word documents using the Recent Documents Windows function. If it discovered two or more, it would initiate and download its malware payload. If those files were not found, it shuts down and obfuscates its location to try and avoid detection.

To try and avoid smart security researchers who may have added a number of Word documents to the system to avoid tripping that check, the anti-sandbox malware also detects the IP of the system and cross references it with a known blacklist of security firm addresses. Again, if it finds itself in the belly of the IT security beast, it will halt all actions and try to hide.

Although not exactly unique, these techniques are rather new and represent the next evolution in the ongoing war between white and black hats the world over. Extending the life of malware can go a long way to improving its viability as an attack vector, often more so than simply making the malware harder to stop.

Editors' Recommendations

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Amazon deals: TVs, laptops, headphones and more
iPad Air on a white background.

Amazon is one of the most popular retailers on the planet. It has almost anything and everything you could hope to shop for, and that includes tech like laptops, headphones, TVs, and even devices made to make life around the home a little easier. And whether you’re shopping for one of the best smart home devices or something more tailored to work or play, Amazon always shows up with ways to save. Right now it has a ton of laptop deals, TV deals, headphone deals, and more to shop. We’ve walked down the aisles of Amazon and picked out what we feel are some deals worth shopping, so read onward for more details.
Vizio 50-inch V-Series 4K smart TV — $223, was $360

The Vizio V-Series 4K Smart TV amazing picture quality for its price point, as well as a wide variety of smart features. It has an IQ Active Processor that delivers superior picture processing. This processor also enables the TV to upscale all of your favorite HD content into 4K quality as you watch. This TV also features a gaming engine that makes gameplay more responsive with less lag and a high refresh rate. This is something to consider if you’re a gamer and somebody who likes to watch fast-paced content such as sports and action movies.

Read more
How to delete files on a Chromebook
HP Dragonfly Pro Chromebook top down view showing keyboard and touchpad.

Your Chromebook has quickly become your everyday computer. Using it for just about everything, including web browsing, word processing, gaming, and social media, we bet there’s going to come a time when you need to delete some files from your PC. Doing so will not only allow you to store more media locally, but it should also help to improve the performance of your go-to Chromebook device.

Read more
Best gaming chair deals: Save on Corsair, Razer, and more
Razer - Iskur Gaming Chair.

Sitting down to play video games for hours and hours can be a lot of fun, but it can also be pretty bad for your health. Beyond just the lack of circulation, most modern chairs are not really made to have us sit in them for long periods, and so they don't offer things like lumbar support or breath to help keep us cool. Luckily, gaming chairs have come to the rescue, and if you're looking to at least help keep your body safe and healthy, going for a gaming chair can make a big difference. That said, gaming chairs can be quite expensive, which is why we've gone out and found some of our favorite gaming chair deals for you to pick from.
Homall Massage Gaming Chair -- $85, was $170

The Homall Massage Gaming Chair is affordable, but it will get the job done of keeping you comfortable while playing video games with its ergonomic design and high-quality PU leather materials. It's got head and waist pillows with a massage function that sets it apart from other cheap gaming chairs. The backrest can recline between 90 degrees and 180 degrees so you can find the perfect angle, and it also has a retractable footrest for an extra sitting position.

Read more