Definition
Malware obfuscation is the deliberate transformation of malware code so that it is harder to identify and analyze. The code's logic, structure and appearance are altered while its actual behavior is preserved: the obfuscated sample does exactly what the original did, but it no longer matches known signatures and takes an analyst longer to understand.
Common Malware Obfuscation Methods
- Code obfuscation: Modifying the code itself so that it is hard to read, for example by inserting irrelevant (junk) instructions or by packing and compressing the executable so that the real code only exists in memory after an unpacking routine has run.
- Control flow obfuscation: Increasing the complexity of the program's execution paths without changing what it computes, for example by adding conditional branches whose outcome is always the same but is not obvious to a static analyzer (opaque predicates) or by inserting redundant loops.
- Data obfuscation: Concealing the data the malware depends on (command-and-control addresses, file paths, API names) with custom encodings, splitting values into fragments that are reassembled at runtime, and encrypting strings so that they appear in plaintext only in memory.
- Anti-analysis techniques: Detecting sandboxes, virtual machines and debuggers, and then sleeping, exiting or behaving benignly, so that examining the malware in a controlled environment yields little useful information.
- Polymorphism and metamorphism: Changing the malware's structure and appearance with each infection or build so that every copy has a different signature. A polymorphic sample typically keeps a constant core that is encrypted with a fresh key per copy, so the bytes differ while the decrypted code stays the same; a metamorphic sample rewrites its own code (reordering or substituting equivalent instructions), so even the decrypted body differs between generations.
- Steganography: Embedding malicious code or configuration inside benign-looking files such as documents and images so that the payload blends in with legitimate content and is only extracted by a loader at runtime.
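The following Python is an added example, not code from the original article, showing how data obfuscation (string encryption) and polymorphism combine and why byte-level signatures struggle against them. It builds several variants of a toy encrypted string table, each with a random XOR key and a random junk trailer, shows that the variants hash differently and never contain the plaintext, yet an analyst's decoder that understands the constant decoding routine recovers the same strings from every one of them. The `OBF1` marker, the table layout and the sample strings are all constructed for this example and stand in for the decoder stub and configuration a real sample would carry.

```python
import hashlib
import secrets

# Constructed sample data: strings a sample would want to hide from `strings`
# and from static signatures. Invented values, not from any real malware.
PAYLOAD_STRINGS = [
    "c2.example.invalid",
    "Global\\ExampleMutex",
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]

# Assumed marker of this toy format. It plays the role of the decoder stub in a
# real sample: the one part that must stay constant for the payload to run.
MAGIC = b"OBF1"


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric, so the same call also decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_variant(strings, key_len: int = 8, junk_max: int = 64) -> bytes:
    """Produce one polymorphic variant of the string table.

    Toy layout (an assumption of this example, not a real file format):
      MAGIC | key_len (1) | key | count (1) | [len (2, big-endian) | enc]* | junk
    Every call picks a fresh key and a random amount of junk, so two builds of
    the same strings never share a byte-level signature.
    """
    key = secrets.token_bytes(key_len)
    blob = bytearray(MAGIC)
    blob.append(key_len)
    blob += key
    blob.append(len(strings))
    for s in strings:
        enc = xor_encode(s.encode("utf-8"), key)
        blob += len(enc).to_bytes(2, "big") + enc
    # Junk trailer: changes size and hash, contributes nothing at runtime.
    blob += secrets.token_bytes(secrets.randbelow(junk_max) + 1)
    return bytes(blob)


def recover_strings(blob: bytes) -> list:
    """Analyst-side decoder: once the constant decoding routine is understood,
    every variant gives up the same plaintext regardless of key or junk."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a variant of this toy format")
    pos = len(MAGIC)
    key_len = blob[pos]
    pos += 1
    key = blob[pos:pos + key_len]
    pos += key_len
    count = blob[pos]
    pos += 1
    out = []
    for _ in range(count):
        ln = int.from_bytes(blob[pos:pos + 2], "big")
        pos += 2
        out.append(xor_encode(blob[pos:pos + ln], key).decode("utf-8"))
        pos += ln
    return out  # the trailing junk is simply ignored


def plaintext_signature_hits(blob: bytes, needle: str) -> bool:
    """A signature written on the plaintext string: defeated by the encoding."""
    return needle.encode("utf-8") in blob


def decoder_signature_hits(blob: bytes) -> bool:
    """A signature on the invariant part (here the marker, in real samples the
    decoder stub): survives polymorphism, which is why detection targets it."""
    return blob.startswith(MAGIC)


def distinct_hashes(variants) -> int:
    """Number of unique SHA-256 values among the variants (expected: all)."""
    return len({hashlib.sha256(v).hexdigest() for v in variants})


if __name__ == "__main__":
    variants = [build_variant(PAYLOAD_STRINGS) for _ in range(5)]
    print("distinct hashes:", distinct_hashes(variants))
    print("plaintext C2 visible in any variant:",
          any(plaintext_signature_hits(v, PAYLOAD_STRINGS[0]) for v in variants))
    print("decoder marker in every variant:",
          all(decoder_signature_hits(v) for v in variants))
    print("recovered:", recover_strings(variants[0]))
```

The practitioner's takeaway is in the two signature functions: a rule on the encrypted payload or on the file hash is defeated by the next build, while a rule on the decoding routine, or a sandbox run that dumps the decrypted strings from memory, keeps working across every variant.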