{"id":66966,"date":"2016-12-12T21:01:55","date_gmt":"2016-12-13T05:01:55","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=66966"},"modified":"2025-06-06T02:20:40","modified_gmt":"2025-06-06T09:20:40","slug":"trojanization-is-on-the-rise","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/","title":{"rendered":"&#8220;Trojanization&#8221; of Legit Apps on the Rise"},"content":{"rendered":"<p><em>McAfee today released its McAfee Labs Threats Report: December 2016. The report&#8217;s third key topic illustrates how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that legitimacy to remain hidden as long as possible. Author Craig Schmugar of McAfee Labs also recommends policies and procedures that will help protect against this form of attack. The following is an excerpt from Schmugar&#8217;s key topic feature.<\/em><\/p>\n<p>Earlier this year, the Internet blew up over the topic of whether Apple should assist the FBI by providing access to a deceased terrorist\u2019s iPhone. Tim Cook, Apple\u2019s chief executive, referred to the government\u2019s demands as asking for the \u201cequivalent of a master key, capable of opening hundreds of millions of locks.\u201d In the end, the FBI gained access through undisclosed means and withdrew the request, but the notion of backdoor access is something that has been coveted by malware authors, spies, and nation-states for decades. Tactics for accomplishing this goal range from persuading victims via social engineering to hand over the keys to their devices, to intercepting hardware in the supply chain and inserting backdoors to surreptitiously gain remote access. However, the most common method is through the deployment of Trojan software.<\/p>\n<p>Most malicious applications today are rotten to the core. They serve one purpose, to profit bad actors, subjecting their victims to attacks. The tactical objectives of such crimes are generally to reach the target, establish a presence, and persist for an extended time. To reach their targets, attackers either draw victims in through social engineering or intercept their everyday computer usage, most often through exploitation. In either case, the goal is for those unfortunate enough to cross paths with malicious code to be none the wiser.<\/p>\n<p>The longer attacks can go unnoticed, the larger the payout. To this end, attackers are growing more sophisticated as they endeavor to create long-lasting, fully undetectable creations. The more authentic looking a piece of code, the more likely it is to be overlooked. This is the primary driving factor in an increasing trend of \u201cTrojanizing\u201d legitimate applications, which are injected with malicious nonreplicating code.<\/p>\n<p>The abuse of reputable applications a\ufb00ords attackers a number of benefits. Payloads are concealed behind a recognizable brand, contributing to the impression of legitimacy and helping ensure targeted users take the bait. This brand recognition continues after a system has been compromised, through recognizable directory, file, process, and registry key names and attributes. These elements can provide cover during security scans and forensics analysis, with recognizable properties blending with hundreds or even thousands of familiar programs.<\/p>\n<p>Another benefit is built-in persistence, or a method of restarting code that was previously terminated. Malware persistence falls into one of two categories: self-persistence, involving the installation of start-up hooks to endure reboots; and companion-persistence, which leverages existing start-up hooks to automatically load before, during, or after other wanted applications. Each system change made by malicious code is an indicator of compromise. Thus the fewer the number of changes, the smaller the detection surface. Trojanizing legitimate applications provides free persistence; the software\u2019s natural method of start-up is all that is necessary for the malicious code to load. In fact, if the program is run manually on a regular basis, then persistence is self-perpetuated by the victims themselves.<\/p>\n<h2>Learn More<\/h2>\n<p><em>To learn more, visit <a href=\"https:\/\/www.mcafee.com\">www.mcafee.com<\/a> for the <a href=\"https:\/\/www.mcafee.com\/common\/js\/asset_redirect.html?eid=16Q4GLOBALPROSM11549&amp;url=https:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threats-dec-2016.pdf\">full report<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>McAfee today released its McAfee Labs Threats Report: December 2016. The report&#8217;s third key topic illustrates how attackers are creating&#8230;<\/p>\n","protected":false},"author":600,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[4452,180,4140,4831],"coauthors":[2994],"class_list":["post-66966","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybersecurity","tag-malware","tag-quarterly-threats-report","tag-trojanization"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>&quot;Trojanization&quot; of Legit Apps on the Rise | McAfee Blog<\/title>\n<meta name=\"description\" content=\"McAfee today released its McAfee Labs Threats Report: December 2016. The report&#039;s third key topic illustrates how attackers are creating\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;Trojanization&quot; of Legit Apps on the Rise | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"McAfee today released its McAfee Labs Threats Report: December 2016. The report&#039;s third key topic illustrates how attackers are creating\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-13T05:01:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T09:20:40+00:00\" \/>\n<meta name=\"author\" content=\"Chris Palm\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Bulldog_Palm\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chris Palm\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\"},\"author\":{\"name\":\"Chris Palm\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/207649ac39a514cf4909430626ea679b\"},\"headline\":\"&#8220;Trojanization&#8221; of Legit Apps on the Rise\",\"datePublished\":\"2016-12-13T05:01:55+00:00\",\"dateModified\":\"2025-06-06T09:20:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\"},\"wordCount\":571,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"cybersecurity\",\"malware\",\"Quarterly Threats Report\",\"Trojanization\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\",\"name\":\"\\\"Trojanization\\\" of Legit Apps on the Rise | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2016-12-13T05:01:55+00:00\",\"dateModified\":\"2025-06-06T09:20:40+00:00\",\"description\":\"McAfee today released its McAfee Labs Threats Report: December 2016. The report's third key topic illustrates how attackers are creating\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"&#8220;Trojanization&#8221; of Legit Apps on the Rise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/207649ac39a514cf4909430626ea679b\",\"name\":\"Chris Palm\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/dd0452ed764368de38e95e2fadf1c461\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e2b84a91b8c45c7a0096a954e84e5004?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e2b84a91b8c45c7a0096a954e84e5004?s=96&d=mm&r=g\",\"caption\":\"Chris Palm\"},\"description\":\"Chris Palm has 20 years of experience focused on the intersection of technology, business, and policy, where issues of security and privacy are shaping how technology impacts our lives. He has worked to tell these stories with technology leaders such as McAfee, VeriSign, Symantec, Entrust, Microsoft, Sun Microsystems, and Intel Security. As a director of corporate communications for McAfee, Chris manages executive public relations, thought leadership\/research, and crisis and issues communications for the organization\u2019s Office of the CTO, McAfee Labs, and the Advanced Threat Research group. Chris holds an MBA from Thunderbird School of Global Management and a BA in English Language and Literature from University of Southern California.\",\"sameAs\":[\"http:\/\/www.intelsecurity.com\",\"https:\/\/x.com\/@Bulldog_Palm\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/cpalm\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\"Trojanization\" of Legit Apps on the Rise | McAfee Blog","description":"McAfee today released its McAfee Labs Threats Report: December 2016. The report's third key topic illustrates how attackers are creating","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"\"Trojanization\" of Legit Apps on the Rise | McAfee Blog","og_description":"McAfee today released its McAfee Labs Threats Report: December 2016. The report's third key topic illustrates how attackers are creating","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2016-12-13T05:01:55+00:00","article_modified_time":"2025-06-06T09:20:40+00:00","author":"Chris Palm","twitter_card":"summary_large_image","twitter_creator":"@Bulldog_Palm","twitter_site":"@McAfee","twitter_misc":{"Written by":"Chris Palm","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/"},"author":{"name":"Chris Palm","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/207649ac39a514cf4909430626ea679b"},"headline":"&#8220;Trojanization&#8221; of Legit Apps on the Rise","datePublished":"2016-12-13T05:01:55+00:00","dateModified":"2025-06-06T09:20:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/"},"wordCount":571,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["cybersecurity","malware","Quarterly Threats Report","Trojanization"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/","name":"\"Trojanization\" of Legit Apps on the Rise | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2016-12-13T05:01:55+00:00","dateModified":"2025-06-06T09:20:40+00:00","description":"McAfee today released its McAfee Labs Threats Report: December 2016. The report's third key topic illustrates how attackers are creating","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trojanization-is-on-the-rise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"&#8220;Trojanization&#8221; of Legit Apps on the Rise"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/207649ac39a514cf4909430626ea679b","name":"Chris Palm","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/dd0452ed764368de38e95e2fadf1c461","url":"https:\/\/secure.gravatar.com\/avatar\/e2b84a91b8c45c7a0096a954e84e5004?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e2b84a91b8c45c7a0096a954e84e5004?s=96&d=mm&r=g","caption":"Chris Palm"},"description":"Chris Palm has 20 years of experience focused on the intersection of technology, business, and policy, where issues of security and privacy are shaping how technology impacts our lives. He has worked to tell these stories with technology leaders such as McAfee, VeriSign, Symantec, Entrust, Microsoft, Sun Microsystems, and Intel Security. As a director of corporate communications for McAfee, Chris manages executive public relations, thought leadership\/research, and crisis and issues communications for the organization\u2019s Office of the CTO, McAfee Labs, and the Advanced Threat Research group. Chris holds an MBA from Thunderbird School of Global Management and a BA in English Language and Literature from University of Southern California.","sameAs":["http:\/\/www.intelsecurity.com","https:\/\/x.com\/@Bulldog_Palm"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/cpalm\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/66966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/600"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=66966"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/66966\/revisions"}],"predecessor-version":[{"id":215202,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/66966\/revisions\/215202"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=66966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=66966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=66966"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=66966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}