Attackers Adopting Novel LOTL Techniques to Evade Detection
HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns
Stay ahead of threats with the latest on evasion techniques in infosec. Insights on how attackers bypass defenses and updates on countermeasures.
Search across headline titles and summaries.
Background for this topic.
Evasion is the deliberate concealment or modification of malicious code, commands, traffic, or behavior to bypass security controls and avoid detection. Common examples include code obfuscation, encrypted or rapidly changing payloads, abuse of trusted system tools, and disguising command-and-control traffic as ordinary network activity. It can target antivirus signatures, email and web filters, endpoint monitoring, or analysts investigating suspicious activity.
Successful evasion can reduce visibility, delay detection, and allow unauthorized activity to continue, although it may still leave behavioral or operational evidence. Mitigation should combine signature detection with behavior-based analytics and reliable endpoint, identity, and network telemetry. Restricting unnecessary scripting and administrative tools, applying application controls, and protecting centralized logs make abuse harder and preserve evidence. During investigations, examine process ancestry, unusual tool use, persistence changes, and deviations from expected user or host behavior rather than relying solely on file hashes or other easily changed indicators.
HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns
With legit sounding names, EvilAI's "productivity" apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses.
The pervasive Vidar infostealer has evolved with a suite of new evasion techniques and covert data exfiltration methods, according to researchers.
Trend Micro Researchers Uncover New Ransomware StrainA newly identified ransomware group is targeting victims across the Asia Pacific region using custom-built evasion capabilities that could pose a "significant threat" to organizations, warn researchers at security firm Trend Micro. The Gentlemen deploys customized methods tailored to each target.
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques