Malware can now detect and infiltrate virtual machines like a Cold War spy. One of the most effective ways to combat malware is to use virtual machines such as a sandbox,
because malicious software that can only operate within the virtual machine will not spread to the rest of the system. But Trojans are evolving, and their creators are finding ways to detect and infect virtual machines.
This was discovered by Caleb Fenton and by the security company SentinelOne. This new form of malware is able to infiltrate virtual machines, apparently by analyzing a number of documents, such as Word files, on the virtual machine.
Once the malware is in a virtual machine, it goes invisible and does its best to hide from all diagnostic techniques.
Security researchers can use virtual machines to study the different parts of a piece of malware, but the new algorithm will allow the malware to reproduce itself.
In a specific example discovered by Fenton, the malware looks for Microsoft Word documents on a virtual machine through the Windows Recent Documents feature.
Anti-sandbox malware can also detect the system's IP address and flee from computers that have blacklisted the malware in their security systems.
Again, if the malware detects that it is trapped, it deliberately hides all of its activity so that it cannot be detected.
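For analysts who maintain sandboxes, the two signals named above (Recent Documents history and the system's IP address) can be audited before an image is put into service. The following is an added example, not code from the article or from SentinelOne; the threshold, the address range, and the profile format are assumptions, and both sample profiles are constructed.

```python
import ipaddress
from datetime import datetime

# Assumed values for illustration; the article gives no threshold or address list.
MIN_RECENT_DOCS = 5
# Ranges assumed to be publicly associated with analysis systems (documentation range).
KNOWN_ANALYSIS_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def audit_sandbox_profile(profile):
    """Return findings that make an analysis VM easy for evasive malware to recognise."""
    findings = []
    docs = profile.get("recent_documents", [])
    if len(docs) < MIN_RECENT_DOCS:
        findings.append(f"recent-documents: only {len(docs)} entries (< {MIN_RECENT_DOCS})")
    if not any(d["name"].lower().endswith((".doc", ".docx")) for d in docs):
        findings.append("recent-documents: no Word files in history")
    # A history populated in one burst looks staged rather than used.
    times = sorted(datetime.fromisoformat(d["opened"]) for d in docs)
    if len(times) >= 2 and (times[-1] - times[0]).days < 1:
        findings.append("recent-documents: all entries opened within one day")
    egress = ipaddress.ip_address(profile["egress_ip"])
    if any(egress in net for net in KNOWN_ANALYSIS_NETS):
        findings.append(f"network: egress IP {egress} is in a known analysis range")
    return findings

# Constructed profile of a freshly installed analysis VM.
FRESH_VM = {"egress_ip": "203.0.113.40", "recent_documents": [
    {"name": "readme.txt", "opened": "2024-03-01T09:00:00"}]}

# Constructed profile of a VM with weeks of simulated user activity.
AGED_VM = {"egress_ip": "198.51.100.7", "recent_documents": [
    {"name": n, "opened": t} for n, t in [
        ("budget.xlsx", "2024-01-08T10:12:00"),
        ("offer.docx", "2024-01-19T15:40:00"),
        ("notes.txt", "2024-02-02T08:05:00"),
        ("minutes.doc", "2024-02-14T13:30:00"),
        ("slides.pptx", "2024-02-27T11:45:00"),
        ("contract.docx", "2024-03-04T16:20:00")]]}

if __name__ == "__main__":
    for name, vm in (("fresh", FRESH_VM), ("aged", AGED_VM)):
        result = audit_sandbox_profile(vm)
        print(name, "->", result if result else "no findings")
```
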
Although this technique is relatively new and reflects the evolution of Trojans in the war between viruses and antivirus software, extending the life of malware is a longer route to improving its viability, and in most cases such malware is harder to build than to kill.