Trojanized open-source software is tricky to spot. This is because it takes on the façade of legitimate, non-malicious software, making it especially stealthy and useful for targeted attacks. However, a closer investigation can reveal suspicious behavior that exposes their malicious intent.
How are open-source software trojanized? How can we detect them? To answer these questions, let us walk through a recent investigation we conducted that involved this file type.
The investigation
In our analysis of an incident, we found a file named notepad.exe sticking like a sore thumb. As most already know, Notepad is a well-known legitimate application. However, some malware authors camouflage malicious files by using the name of legitimate software such as notepad.exe to evade detection.
Read more…
Source: Trend Micro