Malware Obfuscation: Techniques, Definition & Detection - ExtraHop | ExtraHop (2024)

Though it is unclear when digital obfuscation started being developed seriously, we can point to a few milestones over the last 40 years. Much like early viruses, many early applications of obfuscation were not malicious.

1984 saw the creation of the International Obfuscated C Code Contest, which was the first competition in the world to see who could write the most obfuscated C program. Though it was more of an academic exercise to push the boundaries of obfuscation, it also revealed the power of obfuscation through many mind-boggling creations over the years.

Things picked up in the 1990s and 2000s as digital watermarks, a form of steganography, were used to identify copies of illegally distributed music and movies. This coincided with the passing of the Digital Millennium Copyright Act (DMCA) in 1998, which was used by the music and movie industries to combat piracy.

The early 2000s also saw the first instances of obfuscated malware. In 2005, we saw the PoisonIvy remote access trojan (RAT) hide part of its code to evade signature-based detection tools. Another RAT, Hydraq, used spaghetti code in 2009 as a means of obfuscation. It rearranged code blocks so that it could not be followed linearly, then used jump instructions to execute them in the right order.

Notably, the MITRE ATT&CK entry on obfuscated files or information is relatively new, having only been created on 31 May 2017. Few procedure examples in its database were found before 2015, indicating an explosion of interest around obfuscation in recent years.

More recently, we see signs of maturation and commercialization in the marketplace. In 2020, researchers found a number of vendors providing obfuscation-as-a-service for Android applications, with prices starting at $20 per APK. Impressively, this off-the-shelf service reduced payload detection rates by nearly 50%.


FAQs

What is malware obfuscation?

Malware obfuscation is the act of making the code of a program hard to discover or understand—by both humans and computers—but without changing how the program works. The goal is not just to make a program unreadable, but to hide its presence completely.

What are malware detection techniques?

Signature-based detection (SBD)

Signature-based detection works by identifying malware through unique identifiers, known as signatures, comparing them against an existing malware database, and eliminating the malware before it can infiltrate a system.

What is the obfuscation technique?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program.

What are two techniques that malware can use to avoid detection?

Packers and Crypters: Packers and crypters are techniques used in malware to evade signature-based detection. Packers are tools that compress and encrypt the malware's code, creating a new executable that must first run a specific unpacking routine before the original malicious code is revealed.
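The two answers above (signature-based detection, and why packers defeat it) can be shown together in one short detector. This is an added example, not code from the original page or from ExtraHop: the payload, the marker string used as its "signature", and the toy XOR crypter are all constructed for illustration. It shows the byte signature matching the raw payload, failing on the packed form, the entropy heuristic flagging the packed form as "looks packed", and the signature matching again once the payload is unpacked (what a memory scanner or sandbox sees after the unpacking stub has run).

```python
import math
import random

# Constructed stand-in for a malicious payload: repetitive, code-like text with a
# distinctive marker string. Not real malware; every value here is made up.
MARKER = b"evil_stage2_loader"
RAW_PAYLOAD = (b"MZ" + b"\x90" * 14 + b"push ebp; mov ebp, esp; call " * 60
               + MARKER + b"; ret\n" * 60)

# The byte pattern a scanner would hold as this family's signature (made up).
SIGNATURE = MARKER

def signature_match(data: bytes, signature: bytes) -> bool:
    """Core of signature-based detection: look for a known byte pattern."""
    return signature in data

def keystream(seed: int, length: int) -> bytes:
    """Deterministic pseudo-random keystream (toy; seeded so runs are reproducible)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def pack(data: bytes, seed: int) -> bytes:
    """Toy crypter: XOR the payload with the keystream. Real packers also compress
    and prepend an unpacking stub, but the effect on a byte signature is the same."""
    return bytes(a ^ b for a, b in zip(data, keystream(seed, len(data))))

unpack = pack  # XOR with the same keystream restores the original bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code/text sits well below 7, packed/encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def analyze(data: bytes, signature: bytes, entropy_threshold: float = 7.0) -> dict:
    """What a static scanner can say: a signature hit, or at least 'looks packed'."""
    ent = shannon_entropy(data)
    return {"signature_hit": signature_match(data, signature),
            "entropy": round(ent, 2),
            "looks_packed": ent >= entropy_threshold}

if __name__ == "__main__":
    packed = pack(RAW_PAYLOAD, seed=42)
    print("raw:     ", analyze(RAW_PAYLOAD, SIGNATURE))
    print("packed:  ", analyze(packed, SIGNATURE))
    print("unpacked:", analyze(unpack(packed, seed=42), SIGNATURE))
```

The entropy heuristic is only a hint: legitimately compressed or encrypted files (installers, media, TLS traffic) also score high, so it is used to prioritise samples for unpacking rather than as a verdict on its own.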

What are the different types of obfuscation?

Three of the most common techniques used to obfuscate data are encryption, tokenization, and data masking. Encryption, tokenization, and data masking work in different ways. Encryption and tokenization are reversible in that the original values can be derived from the obfuscated data.

What is an example of obfuscate?

To make something less clear and harder to understand, especially intentionally. Examples: "She was criticized for using arguments that obfuscated the main issue." "Companies deliberately obfuscate figures in complicated annual reports."

How do you know if you have malware on your phone?

Find more signs of malware
  1. Alerts about a virus or an infected device.
  2. Anti-virus software you use no longer works or runs.
  3. A significant decrease in your device's operating speed.
  4. A significant, unexpected decrease in storage space on your device.
  5. Your device stops working properly or working altogether.

How to find hidden malware?

How To Know if You Have Malware
  1. suddenly slows down, crashes, or displays repeated error messages.
  2. won't shut down or restart.
  3. won't let you remove software.
  4. serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content.
  5. shows ads in places you typically wouldn't see them, like government websites.

How can I scan my device for malware?

Check for Android malware using Play Protect
  1. Open the Play Store on the Android device you want to scan.
  2. Tap on your profile in the upper-right corner.
  3. Tap on Play Protect.
  4. Tap Scan.
  5. Tap on the option to remove any detected malware.

How to make your code unreadable?

Single Letter Variable Names

If you call your variables a, b, c, then it will be impossible to search for instances of them using a simple text editor. Further, nobody will be able to guess what they are for.

How do attackers use obfuscation?

Regardless of the method used, the goal of obfuscation is to make the attacker unable to comprehend the code logic. This is achieved by replacing variable names, deleting unused metadata, and other techniques that make it difficult for the hacker to tamper with your code.

What are the tools for obfuscation?

Some of the top code obfuscation tools are ProGuard for Java bytecode, DexGuard for Android apps, ConfuserEx for .NET, Dotfuscator, and SmartAssembly. These tools employ various techniques such as renaming, string encryption, and control flow obfuscation to make reverse engineering difficult.

How to know if malware is running in the background?

Check if your computer is running slower than usual.

Most malware will run tasks in the background that consume a higher percentage of your computer's resources. If your computer is running slow, even without any other programs running, your computer may be infected with malware.

What is a type of malware that is so difficult to detect?

Bots and botnets

Botnets can include millions of devices as they spread undetected. Botnets help hackers with numerous malicious activities, including DDoS attacks, sending spam and phishing messages, and spreading other types of malware.

How to detect malware on iPhone?

How to check your iPhone for malware
  1. Look for unfamiliar apps. If you're anything like the average smartphone user, you've probably downloaded dozens (if not hundreds) of apps. ...
  2. Check your data usage. ...
  3. Check power consumption. ...
  4. Keep an eye on pop-up ads. ...
  5. Scan your phone using antivirus software.

What is an example of obfuscation in cyber security?

Example: "The source code for proprietary software is almost guaranteed to be obfuscated since product duplication is rampant in the technology sector. This is especially true when dealing with jurisdictions where intellectual property rights are lacking."

What are the risks of obfuscation?

It's worth noting that obfuscation should not be relied upon as the sole means of securing your software, as it is not a foolproof method and can be circumvented by determined hackers with enough resources and time. It should be considered as one part of a multi-layered approach to security.

What is the difference between packed and obfuscated malware?

Obfuscated programs are ones whose execution the malware author has attempted to hide. Packed programs are a subset of obfuscated programs in which the malicious program is compressed and cannot be analyzed. Both techniques will severely limit your attempts to statically analyze the malware.

What is a malware that locks you out of your device?

Ransomware locks or encrypts files or devices and forces victims to pay a ransom in exchange for reentry. While ransomware and malware are often used synonymously, ransomware is a specific form of malware. Common types of ransomware include the following: Locker ransomware completely locks users out of their devices.

Article information

Author: Jerrold Considine

