Demystify Cyber Project

Articles by the cybersecurity community

#Cybersecurity - three ways malware can gain persistence

The purpose of the Demystify Cyber project, is to bring cybersecurity and cybercrime awarenss to all users of technology. Part of that includes explaining terms commonly used by cybersecurity practitioners, that may seem a little myserious to everybody else. Given that cybercrime can impact anyone cybersecurity should not be kept a mystery.

Let's look at malware persistence

When a criminal has taken all that effort to get some nasty piece of malware on your computer, they want it to stay there and do its thing for as long as possible.  Ways to  keep malware active on a compromised device, even after rebooting, is referred to as malware persistence. 

'How do criminals get their malware to have persistence on a computer?'  - do I hear you ask?

Well I am glad you raised this, because there are many ways, and understanding a bit about them can help everyone who uses technology stay just that little bit safer from cybercrime.

The below is a very brief list, written in as non-tech terms as I could achieve on an afternoon after work and without sufficient coffee, covering three ways malware can gain persistence on a compromised computer.

Three ways malware can gain persistence

1. Compromised accounts

If the account used for the computer has been comprmosed (such as via a phishing email) the criminal could use the accoutn details to ensure the computer remains infected.

2. Start up folder / launch agents

As a computer starts, it automatically runs through processes to ensure everything is operating and connected for the user. The Windows operating system keeps these processes in a start up folder. and in Apple computers, the MacOS uses launch agents If malware edits the start up folder, or launch agents everytime the computer is started the malware will start as well.

3. Malicious browser extensions

A criminal may create what appears to be a legitimate browser extension, however once installed it is used to infect and gain malware persstence of a compromised computer.

Want to know more about malware persistence?

The Mitre ATT&CK site has an indepth look at malware persistence yu can access it via this link (or look up 'Mitre ATT&CK malware persistence' in the search engine of your choice) Link: https://attack.mitre.org/versions/v9/tactics/TA0003/


How to stay safer from malware

  • Use a reputable and up to date anti-virus application and run regular as well as active scans on your computer.
  • Keep your operating system and software patched
  • Only install browser extensions from reputable stores, and be cautious even then 
  • Take care not to click links in unsolicited emails
  • Do not put your account credentials into a link you arrived at via an email - navigate to the site yourself to log in
  • Consider using multi-factor authentication (MFA) wherever possible
  • Take care to only instal legitimate sofware from official sources

picture of a frog typing at a computer, speech bubble says 'i use MFA multi frog authenticaiton'
This image has been created by the Demystify Cyber blog author (c) A. Turner 2021


Labels: ,