Malware can now detect virtual machines, and then go dark like a Cold War spy

One of the more effective ways to counter a malware infection is to make sure that it infects something that can’t have much of an influence on the rest of the system, like a sandboxed virtual machine. However, as malware continues to evolve, its creators are discovering ways for it to detect whether it is simply wasting its time infecting a virtual machine, so that it can go after more legitimate targets.

Discovered by Caleb Fenton with security firm SentinelOne (via ThreatPost), this new form of malware is able to sniff out that it currently resides on a virtual machine. Purportedly it does this by analyzing the number of documents on the machine. Low numbers would suggest some form of testing environment, which could tip it off that it’s sandboxed.

After making such a discovery, the malware becomes dormant, deliberately hiding itself as best as possible to avoid any detection techniques by potential security staff or automated tools. Although that particular piece of malware may become redundant to the creator at that point, avoiding detection is incredibly important in such a situation.


Since security researchers can use virtual machines to learn a lot about a piece of malware without risking any spread of infection, keeping the nefarious software under wraps allows its clones to proliferate in the wild for a little while longer.

In one specific example that Fenton discovered, the malware would search a machine for Microsoft Word documents using the Recent Documents Windows function. If it discovered two or more, it would initiate and download its malware payload. If those files were not found, it would shut down and obfuscate its location to try to avoid detection.

To try to get past smart security researchers who may have added a number of Word documents to the system so that it passes that check, the anti-sandbox malware also detects the IP address of the system and cross-references it with a known blacklist of security firm addresses. Again, if it finds itself in the belly of the IT security beast, it will halt all actions and try to hide.
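For teams that run their own analysis VMs, the two checks described above can be turned into a readiness audit. The following is an added example, not code from SentinelOne or from the sample: the function names, the list of Word extensions, the shortcut paths and the IP ranges (reserved documentation ranges) are all constructed assumptions.

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumption: extensions treated as "Microsoft Word documents".
WORD_EXTENSIONS = {".doc", ".docx", ".docm"}
# From the article: two or more recent Word documents let the sample proceed.
MIN_RECENT_WORD_DOCS = 2

def recent_word_docs(recent_entries):
    """Return the Word documents referenced by Recent-folder shortcut names."""
    docs = []
    for entry in recent_entries:
        name = PureWindowsPath(entry).name
        if name.lower().endswith(".lnk"):  # Recent items are shortcuts: report.docx.lnk
            name = name[:-4]
        if PureWindowsPath(name).suffix.lower() in WORD_EXTENSIONS:
            docs.append(name)
    return docs

def audit_sandbox(recent_entries, egress_ip, attributable_networks):
    """List the reasons this analysis VM would look like a sandbox to such a sample."""
    findings = []
    docs = recent_word_docs(recent_entries)
    if len(docs) < MIN_RECENT_WORD_DOCS:
        findings.append(
            f"only {len(docs)} recent Word document(s); need {MIN_RECENT_WORD_DOCS}+")
    ip = ipaddress.ip_address(egress_ip)
    for cidr in attributable_networks:
        # Membership is False (no exception) when IPv4/IPv6 versions differ.
        if ip in ipaddress.ip_network(cidr):
            findings.append(f"egress IP {ip} is inside {cidr}, a vendor-attributable range")
    return findings

# Constructed sample data: a freshly built VM versus one seeded with user activity.
RECENT = "C:\\Users\\analyst\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\"
FRESH_VM = [RECENT + "setup.log.lnk", RECENT + "Q3-report.DOCX.lnk"]
SEEDED_VM = FRESH_VM + [RECENT + "minutes.doc.lnk", RECENT + "budget.xlsx.lnk"]
LAB_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]  # placeholder ranges, not real vendors

if __name__ == "__main__":
    for label, entries, ip in (("fresh", FRESH_VM, "192.0.2.44"),
                               ("seeded", SEEDED_VM, "203.0.113.9")):
        problems = audit_sandbox(entries, ip, LAB_RANGES)
        print(label, "->", problems or "no tells found")
```

A VM that reports findings here would likely see only the dormant behaviour, so an apparently clean verdict from it says little about the sample.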

Although not exactly unique, these techniques are rather new and represent the next evolution in the ongoing war between white and black hats the world over. Extending the life of malware can go a long way to improving its viability as an attack vector, often more so than simply making the malware harder to stop.

