Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1224

Stealth Malware

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Stealth Malware?

Stealth Malware: Malware specifically engineered to evade detection by users, security tools, and forensic investigators through hiding, mimicry, and anti-analysis tricks.


Stealth malware bundles many evasion techniques: hooking system APIs to hide files and processes, intercepting integrity checks, sandbox and VM detection, anti-debugging, code obfuscation, living-off-the-land binaries, timestomping, and cleaning logs after operation. Rootkits, advanced banking trojans, APT implants and many ransomware loaders fall under this category. Detection relies on EDR with kernel-level visibility, memory forensics, network traffic analysis, threat hunting on TTPs (via frameworks like MITRE ATT&CK), and tamper-evident logging shipped off-host. Hardening includes Secure Boot, signed drivers, least privilege and reducing dwell time through proactive hunting.
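The "tamper-evident logging shipped off-host" control mentioned above, as an added defender-side illustration (example code written for this entry, not from the glossary's author): a hash-chained, forward-secure log in which the off-host collector holds the initial key, the host evolves the key per entry, and replaying the chain exposes an entry that was deleted, altered or truncated by an intruder cleaning logs. All events, keys and names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample telemetry (not real data); entry 2 is the record an intruder
# "cleaning logs after operation" would most want to remove.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "host": "ws01", "event": "logon", "user": "alice"},
    {"ts": "2024-05-01T09:05:12Z", "host": "ws01", "event": "process_start", "image": "outlook.exe"},
    {"ts": "2024-05-01T09:06:40Z", "host": "ws01", "event": "process_start", "image": "rundll32.exe"},
    {"ts": "2024-05-01T09:07:03Z", "host": "ws01", "event": "driver_load", "image": "unsigned.sys"},
]
KEY0 = b"collector-initial-key-demo-only!"  # constructed; held by the off-host collector
GENESIS = b"\x00" * 32                        # value the first entry chains to

def evolve(key):
    # Forward-secure key step: the host keeps only the newest key, so a later
    # compromise cannot forge tags for entries already sealed and shipped.
    return hashlib.sha256(b"evolve|" + key).digest()
def seal(prev_tag, seq, event, key):
    payload = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    msg = prev_tag + seq.to_bytes(8, "big") + payload  # binds predecessor and position
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return {"seq": seq, "prev": prev_tag.hex(), "event": event, "tag": tag.hex()}
def build_chain(events, key0=KEY0):
    key, prev, records = key0, GENESIS, []
    for seq, ev in enumerate(events):
        rec = seal(prev, seq, ev, key)
        records.append(rec)
        prev, key = bytes.fromhex(rec["tag"]), evolve(key)
    return records
def verify_chain(records, key0=KEY0, expected_len=None):
    # Replays the chain from GENESIS; returns (ok, first_bad_index). An edited, removed or
    # reordered entry fails at its position; expected_len (the count the collector last
    # acknowledged) catches silent truncation of the tail.
    key, prev = key0, GENESIS
    for i, rec in enumerate(records):
        expected = seal(prev, i, rec["event"], key)["tag"]
        if rec["seq"] != i or rec["prev"] != prev.hex() or not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev, key = bytes.fromhex(rec["tag"]), evolve(key)
    if expected_len is not None and len(records) != expected_len:
        return False, len(records)
    return True, None
def demo_tampering():
    # Three anti-forensic edits (delete, alter, truncate) and what the verifier reports.
    chain = build_chain(SAMPLE_EVENTS)
    deleted = [r for r in chain if r["seq"] != 2]  # remove the rundll32 entry
    edited = json.loads(json.dumps(chain))         # deep copy, then alter one field
    edited[3]["event"]["image"] = "signed.sys"
    return {"intact": verify_chain(chain), "deleted": verify_chain(deleted), "edited": verify_chain(edited),
            "truncated": verify_chain(chain[:2], expected_len=len(chain))}
```

Because each entry is bound to its predecessor and sealed under a key the host has already discarded, the verifier on the collector side can pinpoint the first position at which the shipped log no longer matches what the host produced.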

Examples

  1. TDL/TDSS rootkits hiding their files from Windows APIs.

  2. Cobalt Strike Beacon configurations that detect sandboxes and unhook EDR.

Frequently asked questions

What is Stealth Malware?

Malware specifically engineered to evade detection by users, security tools, and forensic investigators through hiding, mimicry, and anti-analysis tricks. It belongs to the Malware category of cybersecurity.

What does Stealth Malware mean?

Malware specifically engineered to evade detection by users, security tools, and forensic investigators through hiding, mimicry, and anti-analysis tricks.

How do you defend against Stealth Malware?

Defences for Stealth Malware typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Stealth Malware?

Common alternative names include: Evasive malware, Anti-forensic malware.
