Are the Android SafetyCore and Android System Key Verifier apps safe? | Kaspersky official blog

Since February, many users have been complaining about the Android System SafetyCore app suddenly appearing on their Android phones. It has neither UI nor settings, but Google Play says the developer is Google itself, the number of installations exceeds a billion, and the average rating is a dismal 2.4 stars. The purpose of the app is described vaguely: “It provides the underlying technology for features like the upcoming Sensitive Content Warnings feature in Google Messages”. It’s not hard to guess what “sensitive content” stands for, but how and why is Google going to be warning us about it? And how is it going to find out whether the content is indeed sensitive in nature?

First, some reassurance regarding privacy: neither Google nor independent experts have reported any privacy concerns. SafetyCore runs locally — without sending photos or associated information to external servers. When the user receives an image in Google Messages, a machine-learning model that runs locally on the phone analyzes it and blurs it if it detects anything saucy. To remove the blur, the user has to tap the image and confirm that they really want to view the content. A similar thing happens when sending: if the user tries to send an image with nudity, the phone double-checks if it really needs to be sent. Google stresses that it doesn’t send scan results anywhere.

The SafetyCore app handles the image analysis — but it’s not designed for standalone use. Other apps call on SafetyCore when receiving or sending pictures, but it’s up to them how to use the output. So far, AI analysis can only be used in Google Messages: images recognized as “sensitive” will be blurred. In the future, Google promises to make SafetyCore features available to other developers, enabling apps like WhatsApp and Telegram to detect nudes as well. Other apps could be configured to, for example, block adult content or immediately filter such images into spam.

Unlike previous attempts by Google and Apple to protect children from unwanted content, SafetyCore avoids external server analysis, which enhances privacy but strains hardware. Google anticipates that SafetyCore will eventually be installed on all sufficiently powerful (2GB RAM, Android 9+) phones. The feature will be disabled by default for adult users but enabled for minors. If you don’t need this kind of hand-holding, or don’t like having extra apps, you can simply remove SafetyCore from your phone. Unlike numerous other Google services, this app can easily be uninstalled through both Google Play and the “Apps” subsection of the phone settings. However, bear in mind that Google might reinstall the app with a future update.

SafetyCore is the most sophisticated, though not the only, on-device (meaning no cloud usage and no user-data sharing) AI-powered protection system that Google is developing. Alongside SafetyCore, in October 2024 Google announced language models designed to analyze messages from strangers in Google Messages and suggest ending the conversation if the message text resembles a typical scam scheme.

Besides SafetyCore, another app is spawning on devices with no warning — Android System Key Verifier. It also has no UI, can easily be uninstalled, and is designed for secure communication. However, it features no AI-driven analysis. This app enables two users to verify their keys during end-to-end encrypted messaging. WhatsApp and Signal have their own ways of doing this (users scan each other’s QR codes when meeting in person, or they compare long strings of numbers that show up on the screen). Google wants to make this easier for all messaging apps by putting a standard interface into Android.

Users’ main issue with Google, and the reason for the poor ratings, isn’t what the apps do, but how they’re installed: with no warnings, no explanations, and no user choice. A new app just appears on their phones. Many Google Play reviewers worry if it’s a virus, and some claim their phones or specific apps see reduced performance. There were no widespread issues connected to installing these Google apps, but if you’ve any doubts, you can manually delete the app and see if your phone indeed works better.

Kaspersky official blog – ​Read More

Miniaudio and Adobe Acrobat Reader vulnerabilities

Miniaudio and Adobe Acrobat Reader vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.  

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Miniaudio out-of-bounds write vulnerability 

Discovered by Emmanuel Tacheau of Cisco Talos.   

TALOS-2024-2063 (CVE-2024-41147) is an out-of-bounds write vulnerability in Miniaudio, a lightweight, single-file audio playback and capture library written in C. A missing allocation size check can cause a buffer overflow, leading to this out-of-bounds write. This vulnerability can be triggered by a specially crafted FLAC file, resulting in a memory corruption when in playback mode. The application sends raw audio data to Miniaudio, which is then played back through the default playback device as defined by the operating system. 

Adobe Acrobat out-of-bounds write vulnerability 

Discovered by KPC of Cisco Talos.   

TALOS-2025-2134 (CVE-2025-27163) and TALOS-2025-2136 (CVE-2025-27164) are out-of-bounds read vulnerabilities in the font functionality, which can lead to disclosure of sensitive information. TALOS-2025-2135 (CVE-2025-27158) is a memory corruption vulnerability, stemming from an uninitialized pointer in the font functionality of Adobe Acrobat, which can potentially lead to arbitrary code execution. A specially crafted font file embedded into a PDF can trigger these vulnerabilities. An attacker needs to trick the user into opening a malicious file. 

Cisco Talos Blog – ​Read More

Patch it up: Old vulnerabilities are everyone’s problems

Patch it up: Old vulnerabilities are everyone’s problems

Welcome to this week’s edition of the Threat Source newsletter.

Let’s pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14, 2025.

When a software loses vendor support, it no longer receives patches or updates. As highlighted in my previous newsletter, the top method for initial access in the last quarter of 2024 was exploiting vulnerabilities in public-facing applications. While Windows 10 isn’t typically (or shouldn’t be) a public-facing application, unpatched client systems become prime targets for bad actors as they progress through the stages of an attack: Execution, Privilege Escalation, Defense Evasion, Credential Access, and Lateral Movement.

In last week’s newsletter, my colleague Martin asked, “Who is responsible, and does it matter?” As a thought exercise, let’s flip the script and ask, “Where is the victim, and does it matter?” I often field questions about threats specific to countries, regions, or continents, but the reality is that software is largely the same regardless of physical location. Yes, there are different language packs, and yes, spam and phishing campaigns may use local languages. However, when it comes to software, operating systems, libraries, and drivers, we share code globally.

Remember Log4j and NotPetya? These vulnerabilities caused chaos around the globe. Both have CVEs listed in the Known Exploited Vulnerabilities (KEV) catalog, which is maintained by the Cybersecurity and Infrastructure Security Agency (CISA).

While researching the KEVs added in 2024, I discovered CVEs dating back to 2012, 2013, and 2014. This underscores that regardless of location, old vulnerabilities can remain relevant and dangerous years after their discovery.

Patch it up: Old vulnerabilities are everyone’s problems

Fast forward to 2025: CVE-2025-22224 was published on Mar. 4, 2025 and added to CISA’s KEV Catalog less than two hours later. A week later, over 40,000 vulnerable instances were still detected globally, as shown on the Shadowserver dashboard:

Patch it up: Old vulnerabilities are everyone’s problems

Rather than solely focusing on geography, the global vulnerability landscape suggests we should ask ourselves:

·       “Am I running this software?”
·       “Is my software up to date?”
·       “How quickly can I fix it?”
·       Or, for the brave, “Am I prepared to take the risk?”

While more attributes for CVEs may be beneficial, I personally believe the absence of a geographic attribute is a good thing. Patching and updating software should be prioritized regardless of nationality or geographic context. When it comes to maintaining robust cybersecurity, the only good vulnerability is no vulnerability.

Remember: In the digital world, we’re all neighbors. A vulnerability anywhere is a threat just around the corner.

The one big thing

Cisco Talos discovered malicious activities conducted by an unknown attacker as early as January 2025, predominantly targeting organizations in Japan. The attacker exploited a vulnerability, CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines.

Why do I care?

We reported an increasing trend of threat actors exploiting vulnerable public facing applications for initial access in our quarterly Talos Incident Response report for Q4 2024, and this intrusion highlights this ongoing activity. In this case, the attacker establishes persistence by modifying registry keys, adding scheduled tasks, and creating malicious services using the plugins of the Cobalt Strike kit called “TaoWu.”

So now what?

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see the National Vulnerability Database. Here are the Snort SIDs for this threat:

·       Snort 2: 64632, 64633, 64630, 64631
·       Snort 3: 301157, 301156

Top security headlines of the week

· The Bluetooth “backdoor” that wasn’t. The original title, “Undocumented backdoor found in Bluetooth chip used by a billion devices,” was updated to a more precise description: “Undocumented commands found in Bluetooth chip used by a billion devices.” (Bleepingcomputer) (Darkmentor)

· A ransomware gang leveraged a vulnerable IP camera in an attack, effectively circumventing Endpoint Detection and Response (EDR). The “Mr. Monk” in me wants to point out that while the article title says “webcam” — which, in my definition, is a camera connected internally or via USB to a PC — the article discusses Linux and SMB shares, which suggests it is an IP camera.  (Bleepingcomputer)

· Massive alleged cyber attack against X (formerly Twitter). This past Monday, a series of outages left X unavailable for thousands of users for at least one hour. Not all details are currently known to the public. (Securityweek)

Can’t get enough Talos?

Cascading Style Sheets (CSS) are ever present in modern day web browsing, however it’s far from their own use. Read our latest blog on Abusing with style: Leveraging cascading style sheets for evasion and tracking.

Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. Read the full blog here: Unmasking the new persistent attacks on Japan

Upcoming events where you can find Talos

· DEVCORE (March 15, 2025) Taipei, Taiwan. Ashley Shen will give a talk on exploit hunting.
· RSA (April 28-May 1, 2025)  San Francisco, CA
· PIVOTcon (May 7-May 9, 2025) Malaga, Spain. Ashley Shen and Vitor Ventura will present “Redefining IABs: Impacts of Compartmentalization on Threat Tracking & Modeling.”
· CTA TIPS 2025 (May 14-15, 2025) Arlington, VA 
· Cisco Live U.S. (June 8 – 12, 2025) San Diego, CA 

Most prevalent malware files from Talos telemetry over the past week

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201

SHA 256: 9c60480afbbfbdf20520a9e7705f60a54ff2d0a94d72e4c26fc2aee55a158a9f
MD5: 7abf12ab98f4cbed63228bba977cea7e
VirusTotal:  https://www.virustotal.com/gui/file/9c60480afbbfbdf20520a9e7705f60a54ff2d0a94d72e4c26fc2aee55a158a9f
Typical Filename: pdfzonepro.msi
Claimed Product: N/A
Detection Name: W32.9C60480AFB-95.SBX.TG

 SHA256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca
MD5: 71fea034b422e4a17ebb06022532fdde
VirusTotal: https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca/details
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Coinminer:MBT.26mw.in14.Talos

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
Typical Filename: c0dwjdi6a.dll
Claimed Product: N/A
Detection Name: Trojan.GenericKD.33515991

Cisco Talos Blog – ​Read More

Update your VMware ESXi products now | Kaspersky official blog

On March 4, Broadcom released emergency updates to address three vulnerabilities — CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 — that affect several VMware products, including ESXi, Workstation, and Fusion. A note in the Broadcom advisory stated that at least one of these — CVE-2025-22224 — has been exploited in real-world attacks. The vulnerabilities allow for virtual machine escape — enabling attackers to execute code directly on the ESX hypervisor. Information available on VMware’s GitHub suggests that the Microsoft Threat Intelligence Center was the first to detect the exploit in the wild and notify Broadcom. Neither company has named the attacker or the victim.

Broadcom reports that the vulnerabilities affect VMware ESXi 7.0–8.0, Workstation 17.x, vSphere 6.5–8, Fusion 13.x, Cloud Foundation 4.5–5.x, Telco Cloud Platform 2.x–5.x, and Telco Cloud Infrastructure 2.x–3.x. However, some experts suggest that the range of impacted products is potentially wider. In particular, older versions of ESXi, such as 5.5, should be vulnerable as well, but these unsupported versions are not getting patched. According to some assessments, more than 41,000 ESXi servers had been affected across the globe (mainly in China, France, the U.S., Germany, Iran and Brazil) as at the end of last week.

What issues VMware has fixed

The most severe vulnerability in VMware ESXi and Workstation — CVE-2025-22224 — received a CVSS rating of 9.3. It’s related to a heap overflow in VMCI, and allows an attacker with local administrative privileges on the virtual machine to execute code as the VMX process on the host — the hypervisor.

The CVE-2025-22225 vulnerability in VMware ESXi (CVSS 8.2) allows an attacker to perform an arbitrary kernel write, which also implies sandbox escape. CVE-2025-22226 — an HGFS information disclosure vulnerability (CVSS 7.1) — permits an attacker with guest VM administrative access to extract the contents of the VMX process memory. VMware ESXi, Workstation, and Fusion are affected by this vulnerability.

Dangerous exploitation scenarios

The vulnerability descriptions indicate that exploitation requires an attacker to have already compromised the virtual machine and possess administrative privileges on it. This seems like a relatively high entry barrier, but in reality such a scenario can materialize quite easily. The primary danger of these vulnerabilities is that they drastically reduce the steps an attacker needs to take from compromising a single virtual machine to completely seizing control of the computing cluster. The trio of vulnerabilities allows the attacker to reach hypervisor level without conducting “noisy” network environment scans for servers, or having to circumvent network security measures. The following are typical enterprise scenarios where this could occur:

  • VMware-based VDI workstations. A single employee makes a mistake by launching a malicious attachment on their virtual workstation. Instead of just one workstation being compromised, this leads to a large-scale incident.
  • VMware-based hybrid and private clouds. A successful compromise of any server via a publicly accessible application vulnerability allows an attacker to rapidly propagate the attack across the entire network.
  • Leasing virtual servers and workstations (prebuilt VMs) from an MSP. A client’s error leading to infection on a rented host will result in compromise of all MSP clients sharing resources within the same cluster.

Some features of VMware clusters create further complexities in detecting and remediating such incidents. Once an attacker compromises the hypervisor level, they automatically gain access to all storage connected to the cluster. The attacker can then move freely throughout the VMware environment, and the configuration files available from the hypervisor permit their conducting extensive reconnaissance without raising security alerts.

The hypervisor lacks an EDR agent, and security tools have very limited visibility into what’s happening at the cluster level. Hackers can sneak in and grab important information, such as Active Directory databases, without security teams noticing. All of these factors make the three VMware vulnerabilities a veritable goldmine for malicious actors — particularly ransomware groups. They’ve repeatedly conducted attacks on ESXi environments in the past: RansomExx, ESXiargs, Clop, and so on.

Recommendations for organizational security

Luckily for businesses, proof-of-concept (PoC) code for exploiting these vulnerabilities has not yet been published, so widespread exploitation of the flaw has not begun. Nevertheless, such code could surface at any moment, so VMware products need to be updated quickly as a top priority. Since patching VMware environments can be complex, especially in high-availability infrastructures, organizations should leverage tools like vMotion to deploy patches without downtime.

Patching is the only mitigation for these vulnerabilities. However, Broadcom also recommends reviewing your settings according to the vSphere Security Configuration & Hardening guide. Among other things, you need to ensure that your VMware infrastructure is properly segmented to restrict access to the hypervisor management network.

Be sure to use cloud security tools, including having an EDR agent properly installed and running on your virtual machines. This will allow for the detection and prevention of the initial infection stage — blocking attackers from obtaining the administrative access required to exploit the vulnerabilities.

Kaspersky official blog – ​Read More

New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis 

ANY.RUN sandbox just got even more powerful thanks to a new pre-installed development software set in its virtual machines (VMs). 

Building on our existing pre-installed sets, we’re introducing this new option to give researchers even more flexibility and advanced tools for analyzing highly specific and complex malware inside the sandbox. 

With this update, before launching an analysis session, users can select the “Development” software set to instantly load a specialized toolkit designed for deep malware investigation. This is especially useful for working with Python-based malware, Node.js-based threats and adding deeper debugging and inspection capabilities. 

Let’s take a closer look at this latest addition and discover how you can use it! 

Why This Update Matters: Key Benefits 

This new software set significantly enhances malware research by providing tools that cater to specific types of malware. Here’s why we’ve added this soft set: 

  1. Analyze new types of malware (Python/Node.js-based threats): Many modern malware samples are written in Python or Node.js, and having the right tools pre-installed makes their analysis more efficient. 
  1. Improved debugging and reverse engineering: The presence of advanced debuggers and analysis tools helps senior analysts dive deeper into malware behavior, extract insights, and develop better detection techniques. 
  1. Faster and more efficient research sessions: No more manual installation, just launch the VM, and all necessary tools are available, saving time and improving workflow. 
  1. Expanding the database of ANY.RUN: By introducing new analysis scenarios, this update broadens the platform’s capabilities, making it more useful for a wide range of malware research and forensic investigations. 


ANY.RUN cloud interactive sandbox interface

Sandbox for Businesses

Discover all features of the Enterprise plan designed for businesses and large security teams.



What’s Included in the New Software Set? 

The pre-installed software set includes essential tools that malware analysts, security researchers, and threat hunters frequently use for analyzing complex threats: 

Pre-installed software set for deeper malware analysis 

List of Pre-Installed Tools 

  • Python (latest version) – Important for analyzing Python-based malware, executing scripts, and automating analysis. 
  • Node.js (latest version) – Helps in investigating Node.js-based malware and executing malicious scripts in a controlled environment. 
  • DebugView – Captures real-time debug output from Windows applications, useful for identifying malware behavior. 
  • DIE (Detect It Easy) – A tool for identifying executable file packers, obfuscators, and compilers used by malware authors. 
  • dnSpy – A powerful .NET debugger and decompiler, ideal for reverse-engineering malware written in C# or VB.NET. 
  • HxD – A hex editor that allows analysts to inspect and modify binary files, memory, and disk structures. 
  • Process Hacker – An advanced process monitoring tool for tracking system behavior and detecting malicious activity. 
  • x64dbg – A dynamic debugger for analyzing malware at the assembly level, often used for unpacking and reverse engineering. 
  • Wireshark PE – A network protocol analyzer for capturing and inspecting suspicious network traffic during malware execution. 

How to Use the New Software Set in ANY.RUN 

This pre-installed toolset is now available for ANY.RUN Enterprise users running malware analysis on Windows 10 (64-bit) virtual machine. 

Steps to Enable the Pre-Installed Software Set: 

  1. Go to ANY.RUN’s sandbox configuration. 

Analyze complex cyber threats inside the safe and secure ANY.RUN Interactive Sandbox 



Sign up for free


  1. Select Windows 10-64 as the operating system. 
  1. In the “Pre-installed Soft Set” option, choose “Development”. 
  1. Start the analysis session, and the selected tools will be automatically available inside the VM. 

Let’s look at a couple of practical examples of how this update improves research workflows. 

Example 1: Extracting MSI Package Files with Lessmsi 

In the following analysis session, we can see how the Lessmsi tool helps extract files from MSI packages without executing them.  

View analysis session 

Lessmi tool used inside ANY.RUN sandbox 

This is particularly useful for researchers who want to inspect the contents of an installer safely and identify any suspicious files or embedded scripts. 

During this process, the Detect It Easy (DiE) tool is also used, helping analysts gather more details about the extracted binaries, such as file signatures, packers, and obfuscation methods.  

DiE tool used for detailed analysis of malware 

By combining these tools, users can uncover hidden threats inside MSI packages without the risks associated with running them. 

Example 2: Debugging Malware with x64dbg

In this analysis session, x64dbg is used, a powerful debugger that allows users to step through malware execution, analyze code behavior, and identify hidden functionality.

View analysis session 

x64dbg used inside ANY.RUN sandbox

This is particularly useful for unpacking malware, bypassing obfuscation techniques, and understanding how the sample interacts with the system.

Example 3: Searching Inside Unpacked Binaries with HxD 

In this analysis session, HxD is used, a hex editor that allows users to search within all types of files for specific strings, patterns, or hidden data. This is useful when working with unpacked binaries, encrypted payloads, or malware that tries to conceal its real purpose within other formats. 

View analysis session 

HxD used for deeper analysis inside ANY.RUN sandbox 

By using HxD inside ANY.RUN’s sandbox, analysts can quickly locate critical data inside malware samples without needing to transfer files externally, making the analysis process safer and more efficient. 

In this case, the word “software” was searched with the help of HxD inside our secure environment to look for relevant information. 

Conclusion 

With the new pre-installed development software set, malware analysis in ANY.RUN just got a whole lot easier. Instead of jumping between different tools and setups, everything you need is already there inside the sandbox, ready to go. 

For businesses, this means faster threat detection and a more seamless workflow, all in a secure, controlled environment. 

Give it a try and see how much easier malware detection and analysis can be! 

About ANY.RUN 

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI LookupYARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster. 

Request free trial of ANY.RUN’s services → 

The post New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Abusing with style: Leveraging cascading style sheets for evasion and tracking

  • Cisco Talos has identified actors abusing Cascading Style Sheets (CSS) to 1) evade spam filters and detection engines, and 2) track users’ actions and preferences. 
  • This blog is a follow-up to our previous report on how threat actors could abuse CSS using a technique called “hidden text salting” to evade spam filters, email parsers, and detection engines. This technique introduces several security implications. 
  • Additionally, we have observed the abuse of CSS for tracking, which impacts users’ privacy. This abuse ranges from tracking users’ actions to identifying their preferences. Although email clients restrict the execution of JavaScript, we argue that fingerprinting system and hardware configurations is also possible using CSS properties and rules, depending on the users’ clients and system configurations.

Abusing with style: Leveraging cascading style sheets for evasion and tracking

Cascading Style Sheets (CSS) specify how HTML materials are rendered and displayed to recipients. In a legitimate context, CSS is mainly used to adjust an email’s content to fit the screen resolution of the recipient. However, we will discuss how CSS can be abused by threat actors to stay under the radar and track recipients at a minimum. The features available in CSS allow attackers and spammers to track users’ actions and preferences, even though several features related to dynamic content (e.g., JavaScript) are restricted in email clients compared to web browsers. In what follows, we provide examples of CSS abuse we’ve identified in the wild for both evading detection and tracking users. These examples have all been observed from the second half of 2024 up until February 2025.

The abuse of cascading style sheets for evasion

Features of HTML and CSS can be used together to include comments and irrelevant content that are not visible to the victim (or recipient) when the email is rendered in an email client but can impact the efficacy of parsers and detection engines. We discussed a few examples in our recent blog post, and we will share more throughout the rest of this section. We will not cover cases that are well-known to the security community, such as including zero-sized fonts.

Threat actors can use the text_indent property of CSS to conceal content in the email’s body. Below is an example of a phishing email that contains text in different places, but the text is not visible when rendered in an email client.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
A phishing email with several gibberish characters added in between the original words.

An inspection of the HTML source of the above email reveals that hidden text salting has been used in several places. For example, in the snippet shown below, the text-indent and font-size properties of CSS are used together to conceal the gibberish characters added in between the original words visible to the recipient of this email.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The HTML source snippet of the above phishing email shows how the text-indent property in CSS is used to hide the irrelevant characters inserted between the original words visible to the recipient of email.

The text-indent property is set to –9999px, which moves the text far out of the visible area when the email is rendered in the email client. Additionally, the font-size property is set to an extremely small size, making the text virtually invisible to the human eye on most screens. In some cases, the text color is also set to transparent to ensure the text is completely invisible by rendering it in a color that does not display against any background.

Alternatively, threat actors may use the opacity property of CSS to hide the irrelevant content. An example phishing email is shown below that also impersonates the Blue Cross Blue Shield organization.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
A phishing email impersonating the Blue Cross Blue Shield organization.

A close inspection of the HTML source of the above email reveals multiple attempts to conceal content, both in the body of the email and in the email’s preheader. Most email templates enable threat actors to add preheader text to their emails. Such text follows the email’s main subject immediately and is a technique that allows attackers to entice readers with additional information. Note that this field is also used in many email marketing and spam campaigns.

In this example, the attacker has set the opacity property of CSS to zero, making the element fully transparent and invisible. Note that this preheader text is kept hidden by relying on multiple CSS properties, including color, height, max-height, and max-width. Additionally, the mso-hide property is set to all to make the preheader invisible in Outlook email clients as well. Also, note that the invisible preheader text is completely irrelevant and appears benign (e.g., “FOUR yummy soup recipes just for you!”) to make it appear less suspicious to spam filters.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The HTML source snippet of the above phishing email shows how the opacity property in CSS is used to hide the preheader text in the above email.

In a third example, the HTML smuggling technique is used to redirect the user to the final phishing page. This was a spear phishing email sent to one of our customers in February 2025. Additionally, the HTML attachment contains a series of German words and phrases that do not form coherent or grammatically correct sentences, and these are made invisible to the recipient of the email via hidden text salting.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
A spear phishing email with an HTML attachment.

The email contains the phrase “with regard” in two other languages, including Finnish and Estonian. The rendered HTML attachment is also shown below. Note that the attacker tries to convince the recipient to click on the button and view the document by displaying a Microsoft SharePoint logo.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The rendered HTML attachment of the above email.

When the HTML attachment of the above email is inspected, one can notice that CSS properties are employed in various ways to conceal the irrelevant German phrases. First, the paragraphs’ positions are set to absolute, allowing them to be placed anywhere on the page, which is often a technique used to hide elements by moving them off-screen. Additionally, the width and height of the paragraphs are set to zero, rendering them invisible in terms of space. The opacity is also set to zero, making the content transparent and unseen by the recipient. Furthermore, a clipping method is utilized to ensure that the added salt remains hidden from the victim. Specifically, the first paragraph is clipped using a rectangle with the clip CSS property (which is deprecated as of this writing) that has zero width and height, effectively making it invisible by limiting its visible area. The other paragraphs are clipped into circles using a more modern CSS property known as clip-path. Lastly, the overflow property is set to hidden, ensuring that any content that exceeds the boundaries of the div element stays concealed.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The HTML source snippet of the above spear phishing email shows how hidden text salting is used to add irrelevant German phrases to the body of the email, while at the same time being invisible to the recipient.

The abuse of cascading style sheets for tracking

Email clients use different rendering engines and support different CSS rules and properties. However, CSS properties can be abused to track users’ actions and preferences. We will discuss how fingerprinting recipients’ systems and hardware is also possible, although some of these fingerprinting approaches may only work in specific email clients and depend on certain configuration assumptions.  

Marketing campaigns may use these CSS properties to track user engagement and optimize future campaigns, while spammers and threat actors may use this approach to enhance their targeted phishing campaigns, collect information, and craft targeted exploits. In what follows, we provide only a few examples of attempts to compromise the privacy of our customers.

Tracking users’ (or email recipients’) actions and preferences has been one of the most dominant patterns of CSS abuse identified by Talos in the wild in recent months. This abuse can range from identifying recipients’ font and color scheme preferences and client language to even tracking their actions (e.g., viewing or printing emails). Below is an example of a spam email with multiple tracking capabilities.  

Abusing with style: Leveraging cascading style sheets for evasion and tracking
An example of a spam email.

The HTML source of the above email is shown below, where several tracking approaches are employed. First, the campaign uses a tracking image to record when the recipient opens the email. Second, different tracking URLs log the recipient’s color scheme preference (see the rd and rl characters in the URLs). This is achievable via the CSS media at-rule. Third, a tracking URL records when this email is printed (see the p character in the URL). Finally, different tracking URLs are used to record when the email is opened in a specific email client. Also, note that a unique identifier is assigned to each recipient and used in the tracking URL.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The HTML source snippet of the above spam email shows how the recipient’s actions and preferences are tracked.

A second example email is shown below that tracks even more information, including the recipient’s geo-location and device-specific information.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
An example of a spam email.

An inspection of the HTML source of the above message, shown below, reveals several tracking clues. First, a tracking image is used to record when the recipient opens the email. Second, the recipient’s color scheme preference is tracked via separate URLs. Third, a tracking URL is embedded within this message that records when it is printed. Fourth, different tracking URLs are used to record when the email is opened in a specific email client. Finally, a tracking pixel is appended to the end of the email to collect the recipient’s IP address, the email client used to open the email, and some device-specific information.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
The HTML source snippet of the above spam email shows how the recipient’s actions and preferences are tracked and how their geo-location and device-specific information are collected.

As explained earlier, CSS provides a wide range of rules and properties that can help spammers and threat actors fingerprint users, their webmail or email client, and their system. For example, the media at-rule can detect certain attributes of a user’s environment, including screen size, resolution, and color depth. The HTML code snippet below demonstrates how the CSS media at-rule can be used for such purposes. Threat actors can set up different styles or load different resources based on criteria such as the screen width of the recipient’s device.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
An example HTML code snippet that shows how the CSS media at-rule can be used to fingerprint the screen width (or screen resolution) of the recipient’s device.

Fingerprinting the operating system of the recipient’s device is also possible and can be done in at least two main ways. In the first approach, the availability of certain fonts on a recipient’s system can indicate which operating system they might be using. Furthermore, threat actors may block the display of certain elements based on the inferred operating system. This can be achieved via the font-face at-rule in CSS.

In the example shown below, the body of the message uses the Segoe UI font, which is commonly available on Windows operating systems by default. Additionally, the font-face at-rule defines a font called MacFont, which relies on the local availability of Helvetica Neue. This font is typically found on macOS systems. Note that in this example, elements with the class .mac-style are hidden by default (display: none;). They are only shown to the recipient (display: block;) if the hypothetical media rule detects MacFont.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
An example HTML code snippet that shows how the CSS font-face at-rule can be used to fingerprint the operating system of the recipient’s device and then show or block specific contents using the availability of certain fonts.

The second method that can be used to fingerprint the operating system of a recipient’s device is to use unique URLs for resources (e.g., images) based on the applicable styles. When the email loads these resources, server logs can provide hints about the recipient’s operating system. In the example snippet shown below, different images are loaded depending on the victim’s operating system, which can be determined by the availability of certain fonts and styles that were applied.

Abusing with style: Leveraging cascading style sheets for evasion and tracking
An example HTML code snippet that shows how CSS can be used to fingerprint the operating system of the recipient’s device by loading different images.

Mitigations

As explained with multiple examples, CSS provides functionalities, rules, and properties that could be abused by attackers to evade spam filters and detection engines, as well as to track or fingerprint users and their devices. As such, both the security and privacy of your organization and business are at risk. In what follows, we provide a few mitigation solutions for each domain.

Security mitigations: One security mitigation solution is to rely on advanced filtering mechanisms that can more effectively detect hidden text salting and content concealment. These systems could examine different parts of emails to find and filter out hidden content. Alternatively, relying on features in addition to the text domain, such as the visual characteristics of emails, could be helpful. This approach is particularly beneficial in image-based threats.

Privacy mitigations: One of the most effective solutions in this domain is to use email privacy proxies. This mitigation is designed for email clients and involves rewriting emails to enhance privacy and maintain email integrity across different clients. In particular, the proxy service should be able to perform two main functions: 1) converting top-level CSS rules into style attributes, and 2) rewriting remote resources (e.g., images) to be included directly in the email via data URLs. The former function confines styles to the email itself and prevents conflicts with client-defined styles, while the latter function prevents exfiltration of information and undermines tracking pixels, ensuring the email’s integrity over time.

Protection

Safeguarding against these complex threats necessitates a comprehensive email security solution that utilizes AI-driven detection. Secure Email Threat Defense employs distinctive deep learning and machine learning models, incorporating Natural Language Processing, within its sophisticated threat detection systems.

Secure Email Threat Defense detects harmful techniques employed in attacks against your organization, extracts unmatched context for particular business risks, offers searchable threat data, and classifies threats to identify which sectors of your organization are most at risk of attack.

Begin strengthening your environment against sophisticated threats. Register now for a free trial of Email Threat Defense.

Cisco Talos Blog – ​Read More

AI Safety: Key Threats and Solutions 

Artificial Intelligence (AI) becomes increasingly integrated into daily life, offering unprecedented advancements in automation, communication, and cybersecurity. However, as AI models grow more sophisticated, they also introduce new threats. Discussions about AGI (Artificial General Intelligence) and superintelligence often dominate public discourse, but immediate risks demand urgent attention.  

This article explores three major AI threats: AI-powered phishing and malware generation, the misuse of AI for opinion shaping and unethical purposes, and unintended AI failures leading to harmful consequences. Understanding these risks and their countermeasures is crucial for AI safety and security. 

1. AI-Powered Phishing and Malware Generation 

Phishing has long been a major concern, but AI-driven automation has made it more effective than ever. Modern AI models generate hyper-personalized phishing emails, deepfake videos, and voice clones, making fraudulent messages more convincing and harder to detect. 

Phishing Evolution with LLMs 

A study of Cornell University analyzed AI-generated phishing emails and revealed how models like GPT-4 can evade traditional detection mechanisms. Despite machine learning-based detection tools, attackers continuously refine tactics to bypass defenses. 

Some phishing campaigns now combine Open-Source Intelligence (OSINT) with LLMs to craft messages that exploit personal details. More advanced methods involve face spoofing, video generation, and voice cloning, creating a multi-modal attack strategy that achieves alarming success rates. 

Jailbreaking and Malware Generation 

Beyond phishing, AI models can be manipulated to generate malware, write harmful scripts, or aid cybercriminal activities. Jailbreaking techniques exploit vulnerabilities in model alignment to bypass ethical safeguards. 

  • J2 (Jailbreaking to Jailbreak): Researchers at Scale AI demonstrated how LLMs can be used to red-team other models, achieving over 90% success in bypassing GPT-4o’s defenses by embedding attacks within narratives or code snippets. 
  • Best-of-N (BoN) Jailbreaking: This method iterates through slight variations of a malicious prompt until the AI model complies. Research from Raight AI showed an 89% success rate against GPT-4. 
  • Backdoor Attacks in Open-Source Models: Threat actors can fine-tune open-source models to create malicious versions that inject backdoors into code. A recent example involved attackers embedding a <script> vulnerability into an AI code assistant, leading to remote code execution risks. 


Enrich your threat knowledge with TI Lookup

Enrich your threat knowledge with TI Lookup

Learn about TI Lookup and its capabilities to see how it can contribute to your company’s security



2. AI Alignment Exploitation and Opinion Shaping 

AI providers often use test-time scaling, classifiers, and reinforcement learning reward models to guide inference outputs subtly. This raises ethical concerns about transparency and the risk of misinformation. 

Influence Through AI Alignment 

Companies such as OpenAI, Mistral, and DeepSeek have the power to align models in ways that reinforce corporate, investor, or political agendas. Concerns grow over their ability to shape public opinion. 
 
In February 2025, researchers extracted DeepSeek’s system prompts, revealing that the model’s outputs could be manipulated to favor specific narratives. Techniques such as Bad Likert Judge and Crescendo demonstrated how alignment constraints could be bypassed. 

Ethical Overrides and Jailbreak Techniques 

AI-generated responses can steer users toward particular viewpoints, impacting public opinion and even electoral outcomes. Many users accept AI-generated information as fact, compounding the risk. 
 
For example, the Skeleton Key technique documented by Microsoft instructs AI models to modify their behavior guidelines, effectively overriding ethical safeguards while adding disclaimers. 

3. Unintended AI Failures and Harmful Consequences 

While many AI risks stem from malicious intent, some arise unintentionally due to flawed model design. Unintended consequences include providing harmful advice, generating dangerous content, or failing in critical applications. 

Harmful Outputs and Model Failures 

  • Lethal Advice and Dangerous Instructions: Several documented cases show AI models inadvertently giving harmful advice, from incorrect medical recommendations to unsafe chemical recipes. While safeguards exist, failures still occur. 
  • Safety in Robotics and Industrial Applications: Reinforcement learning models used in industrial automation present new challenges in occupational safety. AI-controlled machinery must balance efficiency with accident prevention, but misalignment could lead to workplace hazards. 
  • Unexpected misalignment: Recent studies reveal that models fine-tuned to inject malicious code into generated content are aware of the harmful intent embedded by engineers. This misalignment leads to more malicious behavior, such as offering harmful advice and glorifying contradictory historical figures and actions.  

Risk of Legal and Financial Liabilities 

AI companies may face lawsuits if their models inadvertently cause harm. Providers must implement robust safeguards, but balancing accessibility with security remains a challenge. Continuous monitoring and real-time anomaly detection are crucial. 

4. Defense Strategies and Mitigation Efforts 

Given these threats, researchers and AI companies are developing countermeasures: 

  • AI Red Teaming: Microsoft’s AI Red Team (AIRT) employs PyRIT for automated vulnerability testing, combining AI-driven attack simulations with human oversight. 
  • Dynamic Safeguards: Traditional content filters are ineffective against evolving jailbreak techniques. Adaptive AI defenses, such as real-time anomaly detection, are now being integrated into platforms like Azure AI Studio. 
  • Transparency in Model Alignment: AI providers must ensure transparency in how models are trained, aligned, and used to mitigate risks of opinion shaping and misinformation. 

In ANY.RUN’s Interactive Sandbox, for example, AI summaries help users better understand potential dangers involved in a particular task. Users can generate summaries of nearly any event within the virtual machine by clicking the AI button next to that event, or they can receive a summary of the entire task upon its completion. 

Click the highlighted button to receive an AI summary of malware sample analysis 

 View the analysis in the sandbox 

AI also powers automated interactivity in the Sandbox: it helps to automatically perform tasks like handling CAPTCHAs, clicking specific buttons, and more. 

AI automates action malware expects users to perform 

 View the analysis in the sandbox 

Conclusion 

The rapid evolution of AI presents both unprecedented opportunities and serious security risks. AI-driven phishing, jailbreaking, opinion manipulation, and unintended harmful outputs demand continuous vigilance.  

While defensive measures such as AI red teaming, dynamic safeguards, and transparency initiatives help mitigate these threats, the challenge remains a constant arms race between attackers and defenders. For businesses, it is the challenge to keep balance between embracing new horizons AI opens and obviating the hazards it poses.  

Leverage TI Lookup for threat discovery, research, detection and response!  
50 search queries for test: contact us now.  

About ANY.RUN

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.

The post AI Safety: Key Threats and Solutions  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Main vulnerabilities from Microsoft’s March Patch Tuesday | Kaspersky official blog

In its monthly Patch Tuesday update, Microsoft has provided patches for six vulnerabilities that are being actively exploited in the wild. Four of these vulnerabilities are related to file systems — three of which having the same trigger, which may indicate that they’re being used in one and the same attack, or at least by the same actor. The details of their exploitation are still publicly undisclosed (fortunately), but the latest update is highly recommended for immediate installation.

File system vulnerabilities

Two of the vulnerabilities were found in the NTFS system. They allow attackers to gain access to parts of the heap — that is, to dynamically allocated application memory. Interestingly, the first of them, CVE-2025-24984 (4.6 on the CVSS scale), implies physical access of the attacker to the victim’s computer (they need to insert a malicious drive into the USB slot). To exploit the second information disclosure vulnerability, CVE-2025-24991 (CVSS 5.5), attackers need to somehow force a local user to mount a malicious virtual hard disk (VHD).

The other two file system vulnerabilities — CVE-2025-24985 in the Fast FAT file system driver, and CVE-2025-24993 in NTFS — are triggered in the same way by mounting a VHD prepared by the attackers. However, their exploitation leads to remote execution of arbitrary code on the attacked machine (RCE). Both vulnerabilities have a CVSS rating of 7.8.

Other exploited vulnerabilities

The CVE-2025-24983 (CVSS 7.0) vulnerability was found in the Windows Win32 kernel subsystem. It can allow attackers to elevate their privileges to the system level. To exploit it, attackers need to win the race condition.

The latest vulnerability from the list of actively exploited ones, CVE-2025-26633 (also CVSS 7.0), allows bypassing the security mechanisms of the Microsoft Management Console. The description provides two scenarios for its exploitation; however, both are related to the delivery of a malicious file to the victim, which must then be run. The first scenario involves delivering the file in an email attachment; the second — delivering a link through an instant messaging program, or, again, via email. According to information from the Zero Day Initiative researchers, who brought this vulnerability to Microsoft’s attention, it’s used by the EncryptHub ransomware group, also known as Larva-208.

And another zero-day vulnerability

In addition to the six vulnerabilities used in active attacks, the update from Microsoft also closes CVE-2025-26630 in Microsoft Access, which has not yet been used by attackers — though it could well be since, according to Microsoft, it’s been publicly known of for some time. This vulnerability has a CVSS rating of 7.8, and its exploitation leads to the execution of arbitrary code. However, the description emphasizes that to exploit it it needs to be opened on the attacked machine, and the Preview Pane is not an attack vector.

Other vulnerabilities

The note about the preview mechanism in the description of CVE-2025-26630 is not accidental — the update also contains a patch for the RCE vulnerability CVE-2025-24057, which is quite exploitable through the Preview Pane. In addition, Microsoft closed more vulnerabilities classified as critical, but not yet exploited. All of them also allow remote arbitrary code execution:

  • CVE-2025-24035 and CVE-2025-24045 in the Remote Desktop Service (RDS);
  • CVE-2025-24057 in Microsoft Office;
  • CVE-2025-24084 in the Windows Subsystem for Linux — a feature of Microsoft Windows that allows the use of a Linux environment from within Windows;
  • CVE-2025-26645 in the Remote Desktop client. This vulnerability is exploited when the victim connects to a malicious RDP server.

We recommend installing updates from Microsoft as soon as possible. Since actively exploited vulnerabilities are most likely used by attackers in fairly complex targeted attacks, we also recommend that companies use modern security solutions with EDR functionality, and, if necessary, involve third-party experts to protect themselves; for example, as part of our Managed Detection and Response service.

Kaspersky official blog – ​Read More

Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities

Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. 

There are six vulnerabilities that Microsoft has observed being exploited in the wild. CVE-2025-26633 is a Remoted Code Execution (RCE) vulnerability in Microsoft’s Management Console. Two information disclosure vulnerabilities, CVE-2025-24984 and CVE-2025-24991, and one RCE vulnerability, CVE-2025-24993, in Windows NTFS were observed being exploited in the wild. Microsoft also patched, CVE-2025-24985, another RCE exploited in the wild in the Windows Fast FAT system driver. An Elevation of Privilege (EOP) vulnerability, CVE-2025-24983, was also discovered being exploited in the wild, in Windows’ win32 Kernel Subsystem. 

There are two notable “critical” vulnerabilities. The first is CVE-2025-24035, which is a remote code execution (RCE) vulnerability affecting the Windows Remote Desktop Gateway (RD Gateway) service. This vulnerability is a remote unauthenticated User-after-free (UAF) issue in handling websocket initialization and closing operations which could potentially result in arbitrary code execution in the RD Gateway process. Successful exploitation of this vulnerability requires the attacker to connect to a system with the RD Gateway role. CVE-2025-24035 has been assigned a CVSS 3.1 score of 8.1 and is considered “more likely to be exploited” by Microsoft. 

CVE-2025-24045 is another critical remote code execution vulnerability in the RD Gateway service caused by a UAF issue in handling connection and disconnection callbacks. Successful exploitation of this vulnerability requires the attacker to connect to a system with the RD Gateway role. This vulnerability has also been assigned a CVSS 3.1 score of 8.1 and is considered “more likely to be exploited” by Microsoft. 

CVE-2024-9157 is an elevation of privilege vulnerability in a Synaptics Audio Effect Component service binaries DLL distributed with Windows Update. This vulnerability is caused by the Synaptics service opening a named pipe without any meaningful ACLs and expecting clients to provide the name of a DLL which is then loaded into the Synaptics process, which may allow even a remote unprivileged user to provide a malicious DLL to be loaded in the context of the service. This vulnerability has been assigned a CVSS 3.1 score of 9.9 and is considered “more likely to be exploited” by Microsoft. 

CVE-2025-24064 is an RCE vulnerability in the Windows Domain Name Service flagged as “critical” by Microsoft.  To successfully exploit this vulnerability an attacker needs to send a perfectly timed DNS update message to the vulnerable server which may cause a UAF error and could potentially lead to remote code execution. This vulnerability has been assigned a CVSS 3.1 score of 8.1 and is considered “less likely to be exploited” by Microsoft. 

CVE-2025-24084 is an RCE in the Windows Subsystem for Linux (WSL2) Kernel caused by an untrusted pointer dereference. To exploit this vulnerability an attacker needs to have elevated privileges on the target machine, due to the requirement of manipulating processes, which isn’t usually accessible by regular users. This vulnerability has been assigned a CVSS 3.1 score of 8.4 but was considered “less likely to be exploited” by Microsoft. 

CVE-2025-26645 is a vulnerability in the Remote Desktop (RDP) client caused by a relative path traversal issue. An attacker in control of a Remote Desktop Server could achieve RCE on any vulnerable client machine connecting to the service. This vulnerability has been assigned a CVSS 3.1 score of 8.8 and is considered “less likely to be exploited” by Microsoft. 

Talos would also like to highlight the following vulnerabilities that Microsoft considers to be “important” or “Critical”:     

  • CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerability 
  • CVE-2025-24051 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 
  • CVE-2025-24056 Windows Telephony Service Remote Code Execution Vulnerability 

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.   

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 64663, 64662, 64432, 64658, 64659, 64656, 64657, 64660, 64661, 64653, 64652. There are also these Snort 3 rules: 64432, 301166, 301164, 301163, 301165, 301162 

Cisco Talos Blog – ​Read More

5 Common Evasion Techniques in Malware 

Cybercriminals are constantly refining their methods to stay one step ahead of security defenses. One of their key tactics is evasion, a set of techniques designed to hide malicious activity, bypass detection, and make investigations much more difficult for security teams. 

Over time, attackers have developed countless evasion techniques, and they continue to evolve as cybersecurity measures improe. Some methods exploit trusted system processes, while others rely on cleverly disguising malicious code to slip past defenses unnoticed. 

Let’s take a closer look at some of the most commonly used evasion techniques and see how they play out in real-world scenarios inside our secure sandbox, helping businesses detect threats faster, strengthen defenses, and minimize security risks before they cause damage. 

What You Should Know About Evasion Techniques 

When you’re defending your company’s network, one of the trickiest things you’ll face is attackers using evasion techniques. These are deliberately designed to stay under your radar, hiding malware and suspicious activity from detection tools and making incident response even tougher. 

Cybercriminals use evasion techniques to:
  • Avoid detection by security tools and analysts.
  • Extend dwell time inside compromised networks.
  • Increase the success rate of malware delivery.
  • Make investigations more challenging for security teams.
  • Reduce the risk of their operations being uncovered.
  • Enhance persistence and maintain long-term access to systems.

Knowing how these evasion tactics work can help your security team spot threats sooner, respond faster, and avoid major disruptions to your business. 

How Attackers Stay Hidden: Key Evasion Techniques 

Let’s have a look at some of the most commonly used evasion techniques and how they work in real-world attacks: 

1. T1027.003: Steganography 

Steganography is a sneaky way cybercriminals hide malicious data right inside harmless-looking images. Unlike encryption, which openly scrambles data to make it unreadable, steganography is all about staying invisible. 

With this technique, attackers embed malware inside the images you’d never suspect. Because the hidden code blends seamlessly into regular files, traditional security software rarely spots it. That’s exactly why steganography has become such a popular and dangerous method attackers use to quietly slip past your defenses. 

By analyzing suspicious files in ANY.RUN’s interactive sandbox, you can quickly uncover hidden threats and figure out exactly what techniques attackers are using. 

Let’s dive into a real-world example, and see step-by-step how to spot steganography quickly and easily without breaking a sweat. 

View analysis session 

Steganography campaign starting with a phishing PDF 

In this analysis session, attackers used a phishing PDF to trick users into downloading a malicious registry file.  

Once executed, the file added a hidden script to the system registry, automatically launching on reboot. 

Autorun value change in the registry detected by ANY.RUN 

Once the system restarts, a registry entry quietly triggers PowerShell to download a VBS script from a remote server. In ANY.RUN’s sandbox, you can easily track this action by inspecting the PowerShell process from the right side of the screen. 

Powershell.exe downloading a VBS file inside a secure environment 

Next, the downloaded script fetches a regular-looking image file, which secretly contains a hidden DLL payload.  

Image with malicious DLL payload detected by ANY.RUN  

With ANY.RUN, you can quickly pinpoint exactly where the malware hides within the file. By exposing hidden payloads like XWorm, security teams can accelerate threat detection, reduce incident response time, and prevent costly breaches before they escalate. 

Inspecting the image’s HEX data reveals a clear marker (<<BASE64_START>>) and encoded executable code, confirming the use of steganography to conceal the malicious XWorm payload. 

Static analysis of the malicious image 

When extracted, the hidden malware deploys XWorm, granting attackers remote control over the infected system. 

Analyze emerging threats inside the safe and secure ANY.RUN Interactive Sandbox 



Sign up for free


2. T1562.001: Disable or Modify Tools 

Cybercriminals often attempt to disable or interfere with security software to ensure their malicious activities go unnoticed. By disrupting or modifying security tools, attackers can prevent detection, maintain ongoing access, and carry out their goals without interruption. 

They might achieve this by terminating antivirus processes, altering registry settings, or adding exclusions so their malware bypasses detection entirely. 

View analysis session with T1562.001 technique 

Adding extension to the Windows Defender exclusion list inside 

In an analysis session conducted in the ANY.RUN sandbox, cyber criminals specifically targeted Windows Defender.  

They used the legitimate system tool sihost.exe (PID 2420) to quietly add file extensions to Windows Defender’s exclusion list. This prevented the security software from scanning certain malicious files, allowing the attacker’s payload to execute without being flagged. 

Sihost.exe with its conducted processes 

You can also view the full map of MITRE ATT&CK techniques related to any analysis session. This gives security teams instant clarity on attack tactics, helping businesses speed up investigations. 

 Simply click the “ATT&CK” button in the upper-right corner inside ANY.RUN to learn more about specific evasion techniques. 

MITRE ATT&CK Matrix techniques displayed inside ANY.RUN sandbox 

 
3. T1140 Deobfuscate/Decode Files or Information 

Attackers often conceal their malware using encoding or obfuscation methods to avoid detection. One common technique is encoding malicious payloads in Base64, turning recognizable code into what appears as harmless, random text. This method helps attackers bypass traditional security tools that might otherwise flag suspicious files or scripts. 

When the malware reaches the victim’s system, it gets decoded or deobfuscated back into executable form, allowing the attack to continue undetected. Because encoded data initially looks innocent, standard security scans often miss these threats entirely, giving cybercriminals the opportunity to quietly deliver and execute their malware. 

Try premium features of ANY.RUN for free 



Get 14-day trial


Attackers commonly use several methods to obfuscate or encode malicious files, including: 

  • Base64 encoding: Converts malware into text strings that seem harmless and difficult to detect. 
  • Encryption: Scrambles the payload, making it unreadable without a specific key. 
  • Compression: Reduces file size and disguises malicious code, making detection harder. 
  • String Obfuscation: Breaks recognizable text or commands into fragmented, obscure parts. 
  • Packing: Embeds malware within compressed or protected executables that unpack at runtime. 
  • Script Obfuscation: Uses complex or confusing scripts to hide malicious intent. 
  • Character Substitution: Replaces clear commands or URLs with unusual or encoded characters to evade simple scans. 

View analysis session with T1140 technique 

Decoding of a binary file from Base64 detected by ANY.RUN 

In this ANY.RUN analysis session, attackers used this exact method (PID 1164), decoding a malicious binary file from Base64.  

Using ANY.RUN’s Script Tracer feature, analysts can immediately identify and visualize the decoded content, revealing the previously hidden malicious activity clearly and quickly, allowing security teams to accelerate threat response, minimize damage, and prevent further compromise. 

Script Tracer revealing the decoded content 

4. T1564.003: Hidden Window 

Attackers often use hidden windows to quietly carry out malicious activities without users noticing. Normally, when an application runs, it opens a visible window, alerting users to its presence. However, cybercriminals leverage built-in system and scripting features to hide these windows, making their actions virtually invisible. 

Common methods attackers use include: 

  • PowerShell Commands: Using commands like powershell.exe -WindowStyle Hidden to execute scripts without displaying a window. 
  • Visual Basic and Jscript: Employing script functions specifically designed to launch processes silently in the background. 
  • Hidden Startup Processes: Configuring malware to run silently upon system reboot, with no visible window or notification. 
  • macOS plist Manipulation: Editing macOS property list (plist) files to prevent apps from appearing visibly in the dock, thus hiding malicious activities. 

View analysis session with T1564.003 technique 

T1564.003 evasion technique detected inside ANY.RUN sandbox 

In a real-world ANY.RUN sandbox analysis, attackers executed PowerShell using an invisible window to conceal malicious activities. Specifically, they ran the following command: 

“C:WindowsSystem32WindowsPowerShellv1.0powershell.exe” -NoProfile -ExecutionPolicy Bypass -Command “<malicious_script>” 

This command executes silently without displaying any visual indicators. The script itself attempts to disable Windows Defender by downloading and executing a batch file (source.bat) quietly in the background.  

Next, it downloads a rootkit named MasonRootkit.exe from a remote GitHub repository and launches it silently, either with elevated privileges (RunAs) or as a regular user, depending on the conditions set in the script. 

Dangerous activity detected inside ANY.RUN VM 

Because the entire process happens invisibly, most users see no unusual windows or alerts. Security teams using ANY.RUN can quickly uncover such hidden activities by examining detailed process execution logs and script behaviors, helping companies promptly respond to and mitigate the threat. 

5. T1218.010: Regsvr32 

Cybercriminals frequently misuse trusted system utilities like Regsvr32.exe to quietly execute malicious DLL payloads. Since Regsvr32 is a legitimate Windows tool typically used for registering DLL files, its misuse often goes unnoticed by antivirus software and security tools. 

Attackers exploit this built-in utility to: 

  • Silently execute malicious DLL files. 
  • Evade application control policies and antivirus detections. 
  • Maintain stealthy persistence on compromised systems. 

View analysis session with T1218.010 technique 

Execution of malicious DLL payload 

In this analysis session conducted in the ANY.RUN sandbox, the victim installed the application ManyCam, which dropped a suspicious DLL file (VideoSrcvbm.dll) into its program directory. 

The attackers then leveraged the trusted Windows utility Regsvr32.exe to quietly execute this malicious DLL: regsvr32 /s “C:Program Files (x86)ManyCamBinVideoSrcvbm.dll” 

Suspicious DLL file dropped  

Because this DLL execution used the legitimate Regsvr32.exe tool, it avoided standard security detections, allowing attackers to maintain stealth and persist unnoticed. 

Quick Detection of Evasion Techniques with ANY.RUN 

As we can see, one of the fastest ways to uncover evasion techniques is by analyzing suspicious files using the ANY.RUN sandbox.  

Within seconds, ANY.RUN visually maps the complete attack flow, clearly displaying all relevant MITRE ATT&CK tactics and techniques involved. This helps security teams quickly understand attack patterns, prioritize threats, and make faster, data-driven response decisions to protect business assets. 

To quickly understand the techniques used in a particular attack : 

  • Open your analysis session in the ANY.RUN sandbox. 
  • Click on the “ATT&CK” button located in the upper-right corner. 
  • Instantly view a detailed map of the attacker’s tactics and techniques. 
  • Click any technique for an in-depth explanation, additional context, and deeper insights. 

Conclusion 

Cybercriminals continuously refine their evasion tactics, making threat detection and response harder. Techniques like steganography, disabling security tools, script obfuscation, hidden windows, and Regsvr32 abuse allow attackers to bypass defenses and maintain access. 

For businesses and security teams, recognizing these tactics is important to protect sensitive data, maintain compliance, and prevent costly breaches. Without clear visibility into attacker methods, organizations risk financial loss, reputational damage, and prolonged intrusions. 


ANY.RUN cloud interactive sandbox interface

Sandbox for Businesses

Discover all features of the Enterprise plan designed for businesses and large security teams.



ANY.RUN’s interactive sandbox gives you the real-time visibility you need to detect even the most advanced evasion techniques. Within seconds, you can: 

  • See the full attack flow mapped with MITRE ATT&CK techniques. 
  • Analyze suspicious files in an isolated environment without risk to your network. 
  • Detect hidden threats that traditional security tools might miss. 
  • Get instant insights to improve response times and mitigate risks. 
  • Generate well-structured reports with IOCs and key findings, making it easy to share crucial threat intelligence with your team. 

About ANY.RUN

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.

Request trial of ANY.RUN’s services for your company → 

The post 5 Common Evasion Techniques in Malware  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More