Scientists at Perm National Research Polytechnic University (PNRPU) have developed a new algorithm for detecting stealers based on the YARA system. Their method analyzes the behavior of the malware, identifying characteristic signatures and actions, such as masquerading as legitimate processes or attempting to conceal its activity. YARA is a rule language for describing and detecting malicious software: each rule is built from unique patterns (strings, byte sequences and the conditions that combine them) that an analyst can write individually for their own task.
Our method analyzes the behavior of the virus: what processes it launches, what files it interacts with, whether it tries to use any techniques to hide its work, and so on. This approach allows us to understand the characteristic behavior of the stealer, even if its code has been changed or masked. The scientists' method also takes signatures into account: a signature is a kind of "fingerprint" of the malware, that is, a unique sequence of bytes or strings.
Testing of the technology showed 93% accuracy when scanning 192 files, including 94 infected ones. The development can be integrated into antivirus systems and monitoring platforms, allowing for rapid adaptation to new threats.
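To make the two ideas above concrete (a rule built from string and byte "fingerprints" plus a behavioral hint such as anti-debugging or process-name masquerading, and an accuracy figure computed over a labelled file set), here is an added example in Python. It is not the PNRPU team's code and does not use the YARA library; it is a small YARA-style matcher with a constructed rule and constructed sample buffers, so the numbers it produces are illustrative only.

```python
# Added example (not the PNRPU team's code): a minimal YARA-style matcher.
# A Rule holds named patterns (text strings or hex byte sequences) and a
# condition ("any", "all", or "N" meaning "at least N of them"), which is
# how a YARA rule combines its fingerprints. All rules, samples and labels
# below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    strings: dict          # identifier -> bytes pattern
    condition: str         # "any", "all", or a number such as "2"


def hex_pattern(spec: str) -> bytes:
    """Turn a YARA-like hex string such as 'DE AD BE EF' into bytes (no wildcards)."""
    return bytes.fromhex(spec.replace(" ", ""))


def match_rule(rule: Rule, data: bytes) -> dict:
    """Evaluate one rule against a buffer; report which patterns hit and the verdict."""
    hits = {ident: (pattern in data) for ident, pattern in rule.strings.items()}
    count = sum(hits.values())
    if rule.condition == "any":
        matched = count >= 1
    elif rule.condition == "all":
        matched = count == len(rule.strings)
    else:
        matched = count >= int(rule.condition)
    return {"rule": rule.name, "matched": matched, "hits": hits}


def scan(rules, data: bytes) -> list:
    """Names of all rules that match the buffer (empty list = not flagged)."""
    return [r.name for r in rules if match_rule(r, data)["matched"]]


def evaluate(rules, labelled) -> dict:
    """Confusion matrix and accuracy over (buffer, is_malicious) pairs."""
    tp = tn = fp = fn = 0
    for data, is_malicious in labelled:
        flagged = bool(scan(rules, data))
        if flagged and is_malicious:
            tp += 1
        elif flagged and not is_malicious:
            fp += 1
        elif not flagged and is_malicious:
            fn += 1
        else:
            tn += 1
    total = tp + tn + fp + fn
    return {"tp": tp, "tn": tn, "fp": fp, "fn": fn, "accuracy": (tp + tn) / total}


# Constructed rule: requiring at least 2 of 3 fingerprints keeps a single
# benign indicator (many legitimate tools call IsDebuggerPresent) from
# flagging a file on its own.
STEALER_RULE = Rule(
    name="constructed_stealer_behaviour",
    strings={
        "$anti_debug": b"IsDebuggerPresent",          # hides from analysis
        "$masquerade": b"svchost.exe",                # poses as a system process
        "$magic": hex_pattern("DE AD BE EF 01"),      # constructed byte fingerprint
    },
    condition="2",
)

# Constructed sample buffers with ground-truth labels (True = malicious).
SAMPLES = [
    (b"MZ..IsDebuggerPresent..svchost.exe.." + hex_pattern("DE AD BE EF 01"), True),
    (b"MZ..IsDebuggerPresent..svchost.exe..repacked-variant", True),   # bytes changed, behaviour kept
    (b"MZ..debugger helper..IsDebuggerPresent..", False),              # benign tool, one hit only
    (b"MZ..hello world..", False),
    (b"MZ.." + hex_pattern("DE AD BE EF 01") + b"..strings-obfuscated", True),  # missed: one hit
]

if __name__ == "__main__":
    for data, label in SAMPLES:
        print(label, scan([STEALER_RULE], data))
    print(evaluate([STEALER_RULE], SAMPLES))
```

Running the block flags the first two samples (including the variant whose byte fingerprint changed but whose behavior indicators remain), leaves both benign buffers alone, and misses the last sample, giving an accuracy of 0.8 over five files; the evaluation loop is the same computation that yields a figure such as the 93% reported above, only over a real corpus.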
Stealers such as Lumma Stealer are often distributed through fake file conversion sites (e.g., PDF to Word), phishing emails, and theft sites. They pose a threat to both private users and companies, since the stolen data can be used for fraud or targeted attacks.
In 2024, the number of cyber threats related to the theft of confidential data increased sharply. According to the antivirus vendor Dr.Web, the number of unique malicious programs grew by 51.22%, and the total volume of threats grew by 26.20%.