How Hackers Change Malware to Make It More Dangerous

As if malware wasn’t dangerous enough on its own, the fact that it keeps evolving makes it even harder to keep up with and defend against.

For example, a piece of malware might be well known today for infecting Windows computers and stealing passwords, and two years from now it may have morphed to include Macs in its attack vector, get past older network security, and control internal webcams.

The evolution of malware isn’t just in individual strains being enabled to do more damage; an evolution has also happened in the industry at large. As it has matured, the release of malware such as ransomware has made phishing attacks much more lucrative, taking the creation of malware from a hacker hobby to a business of criminal enterprises.

Between 2009 and 2018, the total number of malware infections increased by more than 6,400%.

We’ll take a look at why hackers change malware, an example of one that’s particularly dangerous due to its evolution, and what security steps you can take to combat the problem.

Why Do Hackers Change Malware?

Once a piece of malware is sent out to do its damage, why do hackers continue to work with it and change it to add more capabilities? Here are a few reasons.

It’s Cheaper and Easier to Change Existing Malware

One reason that hackers will add new capabilities to existing malware code is that it’s easier than starting from scratch and costs less than paying a coder to create something new.

Since hacking and malware intrusions have largely become big business for cybercriminals, they look at the cost/benefit analysis just like other companies, and adding onto proven code is simply more efficient in many ways.

To Get it Past a New Defense

It’s a constant back and forth between criminals creating malware and viruses and software developers creating tools to stop them. As soon as a particularly fruitful piece of malware is stopped by a new update to software or an operating system, the hacker often changes it to get around the block and find another way into user systems.

Stick with a Good Thing & Make it Better

Often if a particular code, like a form of ransomware, is performing well and making money for the hacker, they’ll evolve and add onto the well-performing code rather than taking a chance on something new and unproven.

A sign that the “stick with a good thing and make it better” tactic is in use with ransomware comes from the FBI’s recent public service announcement about “high-impact” ransomware attacks threatening U.S. businesses and organizations. 

The PSA noted that even though the overall frequency of ransomware attacks did not increase, the attacks were becoming more targeted, sophisticated, and costly, which points to hackers refining their code and tactics.

To Make Money by Selling It

Just as software manufacturers update their software and sell a “new and improved” version of it, malware creators have begun doing the same thing. They’re no longer just making malware to use themselves; they’re designing it as a product that’s sold to the masses on the Dark Web.

So, they create and sell version 2.0, 3.0, etc. of a famous malware product to make money on their version of a “brand.” 

Dangerous Updates to “Predator the Thief” Malware

A prime example of how malware is becoming more dangerous due to changes in its code is the malware strain Predator the Thief.

This malware was first on the scene in the summer of 2018 and was used in combination with a large phishing campaign. In its original form, the malware was known to steal browser data, usernames/passwords, and the contents of cryptocurrency wallets. Accessing device webcams to take pictures was also built into the initial form of this malware.

Once the malware had wreaked havoc, it went fairly quiet until re-emerging in a new, stronger, evolved form just before Christmas 2019. Version 3.3.4 of the Predator the Thief malware added a WinRAR exploit to help it spread and included several new targeting tricks, such as zip files and false Microsoft documents.

How Do You Protect Against Evolving Malware?

With the speed at which malware is released these days and how it’s changed to be more dangerous over time, the old standard method of checking code against a database of known threats isn’t enough to keep your network protected.

It’s important to use multi-layered security, including:

  • Web protection that blocks malicious URLs
  • Next generation antivirus/anti-malware that looks for suspicious behavior
  • Continuous monitoring of your network for threats
  • Anti-phishing email software that uses sandboxing to catch new threats
  • Employee security awareness training
  • Firewall with advanced threat protection
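
The gap between a known-database lookup and behavior-based detection, shown as an added example that is not part of the original article: a hash lookup misses a repacked build, while a rule over process activity flags the same behavior regardless of file bytes. The sample bytes, process names, paths, category mapping and thresholds are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for two builds of one stealer; not real malware bytes.
BUILD_OLD = b"constructed-stealer-build-A"
BUILD_NEW = b"constructed-stealer-build-B"  # repacked: same behaviour, new bytes
SIGNATURE_DB = {hashlib.sha256(BUILD_OLD).hexdigest()}  # only the old build is known

def signature_match(blob: bytes) -> bool:
    """Classic lookup: exact file hash against the known-bad database."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB

# Hypothetical mapping from accessed resource to the data types the article lists.
CATEGORIES = {"browser_credentials": ("login data",), "crypto_wallet": ("wallet.dat",),
              "webcam": ("camera0",)}
ALLOWED = {("chrome.exe", "browser_credentials")}  # assumed: a browser may read its own store

def categorize(target):
    t = target.lower()
    return next((c for c, needles in CATEGORIES.items() if any(n in t for n in needles)), None)

def suspicious_pids(events, window=60, min_categories=2):
    """Flag any process touching >= min_categories sensitive categories within `window` seconds."""
    hits = defaultdict(list)
    for ts, pid, image, target in events:
        cat = categorize(target)
        if cat and (image.lower(), cat) not in ALLOWED:
            hits[pid].append((ts, cat))
    flagged = []
    for pid, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            cats = {c for ts, c in seen if start <= ts <= start + window}
            if len(cats) >= min_categories:
                flagged.append(pid)
                break
    return sorted(flagged)

# Constructed telemetry: (timestamp in seconds, pid, process image, resource accessed)
EVENTS = [
    (0, 100, "chrome.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5, 200, "invoice.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (9, 200, "invoice.exe", r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"),
    (12, 200, "invoice.exe", r"\Device\Camera0"),
    (20, 300, "backup.exe", r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"),
]

if __name__ == "__main__":
    print(signature_match(BUILD_OLD), signature_match(BUILD_NEW), suspicious_pids(EVENTS))
```

The browser reading its own store and the backup tool touching a single category stay unflagged, which is the kind of tuning a behavioral rule needs to keep false positives down.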

RCOR Managed Services Plans Include Extensive Malware Protections

RCOR Managed Services Plans are designed to give North Carolina businesses multiple protections against malware and phishing attacks as well as ongoing maintenance and monitoring to keep your technology running efficiently.
