Fact Sheet - malware persistence
Updated: Mar 23
When a criminal has gone to the effort of installing malware on your computer or network, they want it to stay there, undetected and active, for as long as possible. The techniques used to keep malware active on a compromised device, even after rebooting, are referred to as malware persistence.
There are many ways for criminals to gain malware persistence in an infected computer, and understanding a bit about this can help everyone who uses technology stay just that little bit safer from cybercrime.
Below is a very brief list covering three ways malware can gain persistence on a compromised computer.
Three ways malware can gain persistence
1. Compromised accounts
If the account used for the computer has been compromised (such as via a phishing email), the criminal could use the account details to ensure the computer remains infected.
2. Start up folder / launch agents
As a computer starts, it automatically runs through processes to ensure everything is operating and connected for the user. The Windows operating system keeps these processes in a start up folder, and on Apple computers, macOS uses launch agents. If malware edits the start up folder or the launch agents, then every time the computer is started the malware will start as well.
3. Malicious browser extensions
A criminal may create what appears to be a legitimate browser extension; however, once installed, it is used to infect the computer and gain malware persistence on it.
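The start up folder and launch agents described in item 2 can be reviewed by listing what they contain and what each entry runs; the Python script below is an added example that does this and is not part of the original fact sheet. The folder locations, the 30-day "recent" window and the function names are assumptions of this example.

```python
import os
import plistlib
import time
from pathlib import Path

def default_locations():
    """Well-known autostart directories (locations are an assumption of this example)."""
    home = Path.home()
    appdata = Path(os.environ.get("APPDATA", home / "AppData" / "Roaming"))
    progdata = Path(os.environ.get("PROGRAMDATA", "C:/ProgramData"))
    menu = Path("Microsoft/Windows/Start Menu/Programs")
    return {
        "windows start up folder": [appdata / menu / "Startup", progdata / menu / "StartUp"],
        "macOS launch agents": [home / "Library/LaunchAgents", Path("/Library/LaunchAgents")],
    }

def launch_agent_command(plist_path):
    """Return the command line a launch agent plist asks macOS to run."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception as exc:  # damaged or non-plist file: report it, do not crash
        return f"<unreadable plist: {type(exc).__name__}>"
    if not isinstance(data, dict):
        return "<unexpected plist layout>"
    args = data.get("ProgramArguments") or [data.get("Program", "<no program set>")]
    return " ".join(str(a) for a in args)

def audit(locations, recent_days=30, now=None):
    """List every autostart entry; flag ones changed within recent_days."""
    now = time.time() if now is None else now
    findings = []
    for kind, folders in locations.items():
        for folder in map(Path, folders):
            if not folder.is_dir():
                continue  # location does not exist on this operating system
            for entry in sorted(folder.iterdir()):
                if entry.name.lower() == "desktop.ini":
                    continue  # Windows folder metadata, not a start up item
                runs = launch_agent_command(entry) if entry.suffix == ".plist" else entry.name
                age_days = (now - entry.stat().st_mtime) / 86400
                findings.append({"kind": kind, "path": str(entry), "runs": runs,
                                 "recent": age_days <= recent_days})
    return findings

if __name__ == "__main__":
    for item in audit(default_locations()):
        flag = "RECENT" if item["recent"] else "older "
        print(f'{flag}  {item["kind"]}: {item["path"]} -> {item["runs"]}')
```

An entry you do not recognise, especially one marked RECENT, is worth checking against the software you know you installed.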
Want to know more about malware persistence?
The MITRE ATT&CK site has an in-depth look at malware persistence. You can access it via this link (or look up 'Mitre ATT&CK malware persistence' in the search engine of your choice). Link: https://attack.mitre.org/versions/v9/tactics/TA0003/
How to stay safer from malware
Use a reputable and up-to-date anti-virus application and run regular scans on your computer
Keep your operating system and software patched
Only install browser extensions from reputable sources
Take care not to click links in unsolicited emails
Do not put your account credentials into a link you arrived at via an email - navigate to the site yourself to log in
Consider using multi-factor authentication (MFA) wherever possible
Take care to only install legitimate software from official sources
What to do if you are a victim of cybercrime
• Australia, please report the matter via https://www.cyber.gov.au/report
• UK, please report via report.ncsc.gov.uk
• USA, please report via https://www.ic3.gov/
Written by A. Turner
© A. Turner 2021 https://www.demystifycyber.com.au/
Provided for general information and education purposes