{"669538":{"#nid":"669538","#data":{"type":"news","title":"Playing Hide and Seek with a New Breed of Malware Threatening Millions of Users ","body":[{"value":"\u003Cp\u003ELurking just under the surface of popular online applications like Dropbox and Discord is a threat lying in wait to infect users unlucky enough to cross its path.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EFindings produced by Georgia Tech\u0027s Cyber Forensics Innovation (CyFI) Lab reveal this new type of menace, labeled as web-app-engaged (WAE) malware by the lab, has seen an increase of 226% since 2020. Fortunately, the team created a tool that enables cybersecurity incident responders to purge nearly 80% of discovered WAE malware by collaborating with service providers.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u201cWeb applications have become an integral part of our online lives, offering various services such as content delivery, data storage, and social networking,\u201d said\u0026nbsp;\u003Cstrong\u003EMingxuan Yao\u003C\/strong\u003E, Georgia Tech Ph.D. student. \u201cUnfortunately, these utilities have made web applications an attractive playground for malware creators. WAE malware is designed to exploit these applications, posing several risks to users.\u201d\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWAE malware operates deceptively, though not in the ways one might expect. Rather than compromising the security of the web applications, this type of malware abuses the applications by making its malicious traffic appear benign. By doing so, it effectively hides in plain sight, enabling it to carry out its activities without being detected.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAddressing these threats requires a coordinated effort between incident responders and web app providers. Still, such collaboration has been lacking until now. The research produced by CyFI Lab seeks to enable such cooperation and provide insights into the prevalence and the characteristics of WAE malware.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EYao and his co-authors created Marsea to comprehensively examine WAE malware automatically. The tool identifies and separates abuse based on a web app\u2019s identity and assets.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWhen used on a group of 10,000 malware samples, Marsea found nearly a thousand instances of malware throughout 29 different web applications. Alarmingly, Marsea also revealed that attackers are transitioning their malicious command-and-control servers to these web apps to evade detection. The research team has used Marsea to collaborate with web app providers to take down 79.8% of the malicious web app content.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIn August, the team presented\u0026nbsp;\u003Ca href=\u0022https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/yao-mingxuan\u0022\u003E\u003Cem\u003EHiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware\u003C\/em\u003E\u003C\/a\u003E\u0026nbsp;at the 32nd USENIX Security Symposium.\u0026nbsp;\u003Cstrong\u003EJonathan Fuller\u202f\u003C\/strong\u003Eof the United States Military Academy, Georgia Tech Ph.D. students\u202f\u003Cstrong\u003ERanjita Pai Kasturi\u003C\/strong\u003E,\u0026nbsp;\u003Cstrong\u003ESaumya Agarwal\u003C\/strong\u003E,\u0026nbsp;\u003Cstrong\u003EAmit Kumar Sikder\u003C\/strong\u003E, and Assistant Professor\u0026nbsp;\u003Cstrong\u003EBrendan Saltaformaggio\u0026nbsp;\u003C\/strong\u003Eco-authored the paper.\u0026nbsp;\u003C\/p\u003E\r\n","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EA new type of malware called WAE that hides in web applications has seen a dramatic increase in risks to users. Researchers at Georgia Tech\u0027s CyFI Lab have developed a tool to collaborate with service providers to remove 80% of discovered WAE malware, highlighting the need for coordinated efforts to address this hidden threat in popular online applications.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"Georgia Tech researchers are working with service providers to take on new malware that disguises its malicious traffic as benign."}],"uid":"32045","created_gmt":"2023-09-08 13:52:28","changed_gmt":"2023-09-12 14:31:50","author":"Ben Snedeker","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2023-09-08T00:00:00-04:00","iso_date":"2023-09-08T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"671648":{"id":"671648","type":"image","title":"Researchers from Georgia Tech\u0027s Cyber Forensics Innovation (CyFI) Lab discuss web application malware.","body":null,"created":"1694181162","gmt_created":"2023-09-08 13:52:42","changed":"1694181162","gmt_changed":"2023-09-08 13:52:42","alt":"Researchers from Georgia Tech\u0027s Cyber Forensics Innovation (CyFI) Lab discuss web application malware.","file":{"fid":"254749","name":"CyFI Lab 4.png","image_path":"\/sites\/default\/files\/2023\/09\/08\/CyFI%20Lab%204.png","image_full_path":"http:\/\/tlwarc.hg.gatech.edu\/\/sites\/default\/files\/2023\/09\/08\/CyFI%20Lab%204.png","mime":"image\/png","size":828893,"path_740":"http:\/\/tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2023\/09\/08\/CyFI%20Lab%204.png?itok=5k93OH96"}}},"media_ids":["671648"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"430601","name":"Institute for Information Security and Privacy"},{"id":"1188","name":"Research Horizons"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"135","name":"Research"}],"keywords":[{"id":"187915","name":"go-researchnews"}],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Popham, Communications Officer I\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESchool of Cybersecurity \u0026amp; Privacy\u003C\/p\u003E\r\n\r\n\u003Cp\u003Ejohn.popham@cc.gatech.edu\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}