A new breed of malware hiding in popular online platforms like Dropbox and Discord is poised to infect unsuspecting users, according to a new study.
Recent research from Georgia Tech's Cyber Forensics Innovation (CyFI) Lab sheds light on this new form of danger called Web App-Engaged (WAE) malware. The lab's findings indicate a staggering 226% surge in WAE malware since 2020.
WAE Malware Hiding in Dropbox, Discord
The team has devised a tool that enables cybersecurity responders to effectively remove nearly 80% of detected WAE malware by partnering with service providers.
Mingxuan Yao, a Georgia Tech PhD student, highlighted the pivotal role of web applications in our online activities, encompassing content delivery, data storage, and social networking.
He said that these platforms have evolved into fertile grounds for malicious actors. WAE malware, meticulously engineered to exploit web applications, presents substantial risks to users.
"Web applications have become an integral part of our online lives, offering various services such as content delivery, data storage, and social networking," Yao said in a press statement.
"Unfortunately, these utilities have made web applications an attractive playground for malware creators. WAE malware is designed to exploit these applications, posing several risks to users," he added.
WAE Malware's Covert Approach
Strikingly, WAE malware takes a covert approach. Instead of directly compromising the security of the web applications it uses, it relies on deception.
According to the researchers, it disguises its malicious traffic as ordinary use of the platform, so its operations proceed without arousing suspicion.
The team noted that addressing these threats requires concerted efforts involving incident responders and web app providers. While such collaboration has been lacking, CyFI Lab's research endeavors to foster this cooperation, shedding light on the prevalence and attributes of WAE malware.
The researchers developed Marsea to autonomously analyze WAE malware in depth. The tool identifies and isolates abuse based on a web app's identity and assets.
In a trial involving 10,000 malware samples, Marsea brought to light nearly a thousand instances of malware distributed across 29 distinct web applications.
Marsea also brought to attention that assailants are relocating their malevolent command-and-control servers to these web applications, effectively bypassing detection. With Marsea in action, the research team collaborated with web app providers to erase 79.8% of the malicious content.
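To make the "identity and assets" idea concrete from the defender's side, here is a small triage script added for this article; it is not Marsea and not code from the CyFI Lab. It reads constructed proxy log lines, attributes each request to the web application it talks to (the app's identity) and the specific hosted object it fetches (the asset), builds a per-app inventory of assets that could be handed to the provider, and flags any asset that one host polls at a near-constant cadence, the pattern you would expect from a command-and-control channel relocated onto a legitimate platform. The hostname-to-app map, the paths and all log lines are assumptions made up for the example.

```python
"""
Added illustration (not Marsea, not the CyFI Lab's code): triage proxy logs
by web-app identity and asset, and flag beacon-like polling of one asset.
All domains, paths and log lines below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Hostname -> web application (assumed mapping, for illustration only).
WEB_APP_BY_HOST = {
    "cdn.discordapp.com": "discord",
    "discord.com": "discord",
    "dl.dropboxusercontent.com": "dropbox",
    "www.dropbox.com": "dropbox",
}

# Constructed proxy log: "<ISO timestamp> <source host> <method> <url>"
SAMPLE_LOG = """\
2023-08-01T10:00:00 ws-17 GET https://cdn.discordapp.com/attachments/111/222/cfg.bin
2023-08-01T10:00:31 ws-17 GET https://cdn.discordapp.com/attachments/111/222/cfg.bin
2023-08-01T10:01:00 ws-17 GET https://cdn.discordapp.com/attachments/111/222/cfg.bin
2023-08-01T10:01:30 ws-17 GET https://cdn.discordapp.com/attachments/111/222/cfg.bin
2023-08-01T10:02:01 ws-17 GET https://cdn.discordapp.com/attachments/111/222/cfg.bin
2023-08-01T10:00:05 ws-04 GET https://www.dropbox.com/home
2023-08-01T10:07:42 ws-04 GET https://dl.dropboxusercontent.com/s/abc123/report.pdf
2023-08-01T11:30:00 ws-04 GET https://www.dropbox.com/home
2023-08-01T10:00:10 ws-09 GET https://example.org/index.html
"""


def parse_log(text):
    """Return (timestamp, source host, app, asset) for requests to a known web app.

    Requests to hosts outside WEB_APP_BY_HOST are dropped: the point is to
    look only at traffic that blends into legitimate use of these platforms.
    """
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _method, url = line.split(maxsplit=3)
        parts = urlsplit(url)
        app = WEB_APP_BY_HOST.get(parts.hostname)
        if app is None:
            continue
        asset = parts.hostname + parts.path  # the concrete hosted object
        records.append((datetime.fromisoformat(ts), src, app, asset))
    return records


def inventory(records):
    """Per-app asset counts: {app: {asset: request_count}}.

    This is the list an incident responder would hand to the web-app
    provider when asking for abusive assets to be taken down.
    """
    inv = defaultdict(lambda: defaultdict(int))
    for _ts, _src, app, asset in records:
        inv[app][asset] += 1
    return {app: dict(assets) for app, assets in inv.items()}


def find_beaconing_assets(records, min_requests=4, max_jitter_ratio=0.2):
    """Flag (src, app, asset) triples polled at a steady cadence.

    Jitter ratio = population std-dev / mean of the gaps between consecutive
    requests. One host fetching one hosted object every N seconds with little
    variation is the shape of a command-and-control poll, not a person
    browsing. Returns {(src, app, asset): mean_gap_seconds}.
    """
    by_key = defaultdict(list)
    for ts, src, app, asset in records:
        by_key[(src, app, asset)].append(ts)
    hits = {}
    for key, times in by_key.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            hits[key] = avg
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for app, assets in inventory(recs).items():
        print(f"{app}: {len(assets)} asset(s) seen")
    for (src, app, asset), gap in find_beaconing_assets(recs).items():
        print(f"beacon-like: {src} -> {app} {asset} every ~{gap:.0f}s")
```

In the sample data only the Discord attachment polled by ws-17 roughly every 30 seconds is flagged; the two visits to the Dropbox home page by ws-04 fall below the request threshold and are treated as ordinary use. Thresholds like `min_requests` and `max_jitter_ratio` are tuning knobs, and on real logs the inventory should be reviewed with the provider rather than acted on blindly, since most assets on these platforms are legitimate.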
The team presented their empirical study, titled "Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware," at the 32nd USENIX Security Symposium.
This paper was a collaborative effort, with Jonathan Fuller from the United States Military Academy and Georgia Tech Ph.D. candidates Ranjita Pai Kasturi, Saumya Agarwal, and Amit Kumar Sikder, along with Assistant Professor Brendan Saltaformaggio as co-authors.
The study's abstract underscores the critical need for swift collaboration between incident responders and web app providers to thwart WAE malware.
Marsea, the automated malware analysis pipeline, has been instrumental in identifying and combating this form of malware, highlighting a significant increase in its prevalence since 2020.
The study also claimed that the tool's implementation has already resulted in the removal of half of the malicious web app content through collaboration with providers.