INSUBCONTINENT EXCLUSIVE:
In an effort to bypass security software using AI and machine learning to detect malware, cybercriminals have begun to add text from news
articles about the coronavirus to the TrickBot and Emotet Trojans.Before distributing malware in phishing campaigns and other cyberattacks,
Cybercriminals often do this in an attempt to bypass users' antivirus software.This technique has proven to be particularly effective
against security software that uses machine learning or AI to detect malicious programs.Back in January, it was discovered that crypters for
both the TrickBot and Emotet Trojans were using text from news stories about President Trump's impeachment.However, BleepingComputer
recently discovered that the crypters for these two Trojans have switched to using coronavirus-related news stories
For example, TrickBot samples were found to utilize strings taken from CNN news stories as part of the malware's file description
Additionally, the news outlet also saw an Emotet sample that uses strings from another CNN news story for its file information.Currently, it
is not yet known if using these strings has any benefit to the cybercriminals behind these two Trojans but in an email, Head of
SentinelLabs, Vitali Kremez explained to BleepingComputer that the technique could help cybercriminals bypass antivirus software, saying:"By
and large, the Coronavirus strings being used by the malware crypter generator deploy public news content as a methodology to frustrate
certain machine learning static file parser methodologies
This "goodware" string addition technique allows the criminal crypter operators to create crypted binaries that might allow bypasses of
AI/ML engines of certain anti-virus products as it was proved in the Cylance bypass method."Via BleepingComputer
