New technique allows Trojans to remain in memory to evade detection

Remote access Trojans (RATs) have been used for many years to allow attackers to gain access to and take control of user’s systems. Usually RATs are delivered when a user opens an email attachment or downloads a file from a website or peer-to-peer network. This involves direct delivery of the payload which makes detection easier. Researchers at security company SentinelOne have uncovered a more sophisticated delivery technique that ensures that the payload file remains in memory through its execution, never touching the disk in a de-encrypted state. This lets the attack stay hidden from conventional antivirus technologies. Samples analyzed also… [Continue Reading]