Analysis and Detection of PWS Malware

Abstract

Cyberdefense became important, especially duringthe last decade. The rapid growth of information technologiescaused a significant increase in cyber attacks and threats onthe Internet. Malware analysis forms a critical component ofcyberdefense mechanisms. In this article, we study the issue ofmalicious code and its various types, with a specific focus on thetype known as PassWord Stealers (PWS). To do so, we deployedseveral methods of analyzing binary executable code, such asstatic and dynamic analysis, and sandboxing. We analyze 11recently discovered malware families. From that, we discovered3 new strains of malware, namely SevenStealer, NeedleDropper,and AtlantidaStealer. Furthermore, we have created appropriatedetection rules for all of these malware, which have improvedthe detection capabilities of Avast anti-virus (AV) softwareworldwide. At the end of this article, we present the resultingdata illustrating the spread of analyzed malware in the user baseof the Avast company.