New malware self-destructs when analyzed by researchers
When new malware appears in the wild, security researchers use tools and software to conduct an analysis of it to learn more about how it works, but a new piece of malware has made the researchers’ job a living hell by self-destructing when it detects the analysis software.
Security researchers at Cisco have published new research on a piece of malware named Rombertik, which goes out of its way to avoid being analyzed: it deletes essential data in the Windows system file called the Master Boot Record (MBR), sending the computer into an endless reboot loop.
The malware also attempts to fool the researchers’ sandboxing tools by writing a random byte of data to the system’s memory over 960 million times.
Security expert Graham Cluley said destructive malware like Rombertik is quite rare, “because malware these days doesn’t want to draw attention to itself, as that works against its typical goal – to lie in wait, stealing information for a long time.”
Once on a victim’s computer, Rombertik steals login information and other personal data entered into any website “in an indiscriminate manner” before sending the data to the attacker.