• Demystify Cyber

Fact Sheet - malware persistence

Updated: Mar 23

When a criminal has taken all that effort to install malware on your computer or network they want it to stay there undetected and active for as long as possible. Ways to keep malware active on a compromised device, even after rebooting, is referred to as malware persistence.

There are many ways for criminals to gain malware persistence in an infected computer, and understanding a bit about this can help everyone who uses technology stay just that little bit safer from cybercrime.

The below is a very brief list covering three ways malware can gain persistence on a compromised computer.

Three ways malware can gain persistence

1. Compromised accounts

If the account used for the computer has been compromied (such as via a phishing email) the criminal could use the account details to ensure the computer remains infected.

2. Start up folder / launch agents

As a computer starts, it automatically runs through processes to ensure everything is operating and connected for the user. The Windows operating system keeps these processes in a start up folder. and in Apple computers, the MacOS uses launch agents If malware edits the start up folder, or launch agents everytime the computer is started the malware will start as well.

3. Malicious browser extensions

A criminal may create what appears to be a legitimate browser extension, however once installed it is used to infect and gain malware persstence of a compromised computer.

Want to know more about malware persistence?

The Mitre ATT&CK site has an indepth look at malware persistence yu can access it via this link (or look up 'Mitre ATT&CK malware persistence' in the search engine of your choice) Link: https://attack.mitre.org/versions/v9/tactics/TA0003/

How to stay safer from malware

  • Use a reputable and up to date anti-virus application and run regular scans on your computer.

  • Keep your operating system and software patched

  • Only install browser extensions from reputable sources

  • Take care not to click links in unsolicited emails

  • Do not put your account credentials into a link you arrived at via an email - navigate to the site yourself to log in

  • Consider using multi-factor authentication (MFA) wherever possible

  • Take care to only install legitimate software from official sources


What to do if you are a victim of cybercrime

• Australia, please report the matter via https://www.cyber.gov.au/report

• UK, please report via report.ncsc.gov.uk

• USA, please report via https://www.ic3.gov/


Written by A. Turner

© A. Turner 2021 https://www.demystifycyber.com.au/

Provided for general information and education purposes

7 views0 comments

Recent Posts

See All