Scientists at Perm National Research Polytechnic University (PNIPU) have developed a new algorithm for detecting stealers (malware that harvests passwords, cookies, wallet files and other confidential data) built on the YARA system. Their method analyzes the behavior of the malware, identifying characteristic signatures and actions, such as masquerading as a legitimate process or attempting to hide its activity. YARA is a pattern-matching tool for identifying malware: an analyst writes rules that describe a sample by unique strings, byte sequences and conditions on them, so each specialist can create rules tailored to their own tasks.
Our method analyzes the behavior of the virus: what processes it starts, what files it interacts with, whether it tries to use any techniques to hide its work, and so on. This approach allows us to understand the characteristic behavior of the stealer even if its code has been changed or disguised. The scientists' method also pays attention to signatures, a kind of "fingerprint" of the malware: a unique sequence of bytes or strings.
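To make the signature side concrete, here is an illustrative YARA rule of the kind the article describes: it ties a Windows executable to artifacts typical of browser-credential stealers. This is an added example and not one of the PNIPU rules. The string choices are assumptions about what such a sample usually contains: Chromium stores saved logins in a SQLite file named "Login Data" and protects the master key with DPAPI, which is unwrapped with CryptUnprotectData; Firefox stores logins in logins.json and key4.db. The rule name and threshold values are hypothetical.

```yara
import "pe"

// Illustrative rule (added example, not the PNIPU rule set).
// Matches a PE file that references browser credential stores,
// calls the DPAPI unwrapping API and carries HTTP exfiltration strings.
rule Hypothetical_Browser_Credential_Stealer
{
    meta:
        description = "PE referencing browser credential stores plus DPAPI and HTTP exfiltration indicators"
        author      = "added example"
        confidence  = "medium: string-based, evaded by packing or string encryption"

    strings:
        // Chromium-based browsers: saved logins, cookies, and the DPAPI-protected master key
        $chrome_login   = "\\Login Data"        ascii wide
        $chrome_cookies = "\\Network\\Cookies"  ascii wide
        $chrome_state   = "\\Local State"       ascii wide

        // Firefox: login database and the key file needed to decrypt it
        $ff_logins = "logins.json" ascii wide
        $ff_key    = "key4.db"     ascii wide

        // Windows API used to unwrap Chromium's DPAPI-protected master key
        $dpapi = "CryptUnprotectData" ascii

        // Plain HTTP exfiltration indicators
        $http_post = "POST "       ascii
        $http_ua   = "User-Agent:" ascii

        // Common anti-analysis check; optional evidence of trying to hide activity
        $antidbg = "IsDebuggerPresent" ascii

    condition:
        // "MZ" header and a parseable PE
        uint16(0) == 0x5A4D
        and pe.is_pe
        // must touch at least two credential-store artifacts and the DPAPI call
        and $dpapi
        and 2 of ($chrome_*, $ff_*)
        // and show some way of sending data out
        and 1 of ($http_*)
        // anti-debugging is not required, but is reported as a match detail if present
        and ($antidbg or true)
}
```

Compile and scan a directory with `yara -r -s rule.yar samples/`; `-s` prints the matched strings, which is how an analyst confirms which of the patterns fired. Such a rule catches samples that keep these strings in the clear; a packed or string-encrypted build of the same stealer will not match until it is unpacked in memory, which is exactly the gap the behavioral part of the PNIPU method is meant to cover.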
In testing, the technology achieved 93% accuracy on a set of 192 files, 94 of which were infected. Only the overall accuracy is reported, not the split between false positives and false negatives. The development can be integrated into antivirus systems and monitoring platforms, allowing quick adaptation to new threats.
Stealers such as Lumma Stealer are often distributed through fake file-conversion sites (e.g., PDF to Word), phishing emails, and malicious websites. They threaten both private users and companies, since the stolen data can be used for fraud or as a foothold for targeted attacks.
In 2024, the number of cyber threats related to the theft of confidential data increased sharply. According to the antivirus vendor Dr.Web, the number of unique malware samples rose by 51.22%, and the total volume of threats by 26.20%.