{"id":35706,"date":"2020-06-24T15:45:15","date_gmt":"2020-06-24T15:45:15","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31330\/This-Sneaky-Malware-Goes-To-Unusual-Lengths-To-Cover-Its-Tracks.html"},"modified":"2020-06-24T15:45:15","modified_gmt":"2020-06-24T15:45:15","slug":"this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/","title":{"rendered":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2018\/10\/31\/34783712-8d01-47bc-9ad8-7147741e2e75\/thumbnail\/770x578\/ada29c2812dff909d73ec8718ce8fe9b\/istock-mysterious-hacker-hands.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A malware campaign which creates a backdoor providing full access to compromised Windows PC, while adding them to a growing botnet, has developed some unusual measures for staying undetected.<\/p>\n<p>Glupteba first emerged in 2018 and started by gradually dropping more components into place on infected machines in its bid to create a backdoor to the system.<\/p>\n<p>The <a href=\"https:\/\/www.zdnet.com\/article\/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software\/\">malware<\/a> is continuously in development and in the last few months it appears to have been upgraded with new techniques and tactics to coincide with a new campaign which has been detailed by cybersecurity researchers at Sophos.<\/p>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/?p=67447\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">The paper<\/a> describes Glupteba as &#8220;highly self-defending malware&#8221; with the cyber criminal group behind it paying special attention to &#8220;enhancing features that enable the malware to evade detection&#8221;.<\/p>\n<p>However, its method of distribution is relatively simple: it&#8217;s bundled in pirated software, including cracked versions of commercial applications, as well as illegal video game downloads. The idea is simply to get as many users to download compromised applications which contain the Glupteba payload as possible.<\/p>\n<p>To ensure the best possible chance of a successful compromise, the malware is gradually dropped, bit-by-bit onto the system to avoid detection by any anti-virus software the user may have installed. The malware also uses <a href=\"https:\/\/www.zdnet.com\/article\/why-the-fixed-windows-eternalblue-exploit-wont-die\/\">the EternalBlue SMB vulnerability<\/a> to help it secretly spread across networks.<\/p>\n<p><strong><strong>SEE:&nbsp;<\/strong><\/strong><a href=\"http:\/\/www.zdnet.com\/topic\/a-winning-strategy-for-cybersecurity\/\"><strong><strong>A winning strategy for cybersecurity<\/strong><\/strong><\/a><strong>&nbsp;<\/strong>(ZDNet special report) |&nbsp;<a href=\"https:\/\/www.techrepublic.com\/resource-library\/whitepapers\/a-winning-strategy-for-cybersecurity-free-pdf\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong><strong>Download the report as a PDF<\/strong><\/strong><\/a><strong>&nbsp;<\/strong>(TechRepublic)<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>But that isn&#8217;t where the concealment and self-defence ends, because even after installation Glupteba goes out of its way to stay undetected.<\/p>\n<p>&#8220;The creators seem to have spent an unusual amount of effort on reinforcing the bot&#8217;s stealth capabilities compared to other malware,&#8221; Andrew Brandt, principal researcher at Sophos told ZDNet.<\/p>\n<p>Glupteba uses a number of software exploits is for privilege escalation, primarily so it can install a kernel driver the bot uses as a rootkit, and make other changes that weaken the security posture of an infected host.&nbsp;<\/p>\n<p>Sophos said the rootkit renders filesystem behavior invisible to the computer&#8217;s end user, and also protects any other file the malware decides to store in its application directory. A watcher process then monitors the rootkit and other components for any sign of failure or a crash, and can reinitialize the rootkit driver or restart a buggy component.<\/p>\n<p>&#8220;They&#8217;ve also contrived a somewhat convoluted method to conceal their updates to command-and-control server addresses in plain sight, by staging those updates as encrypted data tied to transactions in the bitcoin blockchain,&#8221; Brandt added.<\/p>\n<p>Glupteba&#8217;s latest campaign is described as relatively prolific, fitting in with what appears to be the aim of compromising as many computers as possible.<\/p>\n<p>Currently, Glupteba&#8217;s main activity appears to be <a href=\"https:\/\/www.zdnet.com\/article\/cryptocurrency-mining-malware-why-it-is-such-a-menace-and-where-its-going-next\/\">cryptocurrency mining<\/a>. But the way it creates a backdoor into compromised computers, combined with the way in which those behind it look to be attempting to create a large botnet of readily available machines, suggests that the ultimate aim is to lease it out as a means of distributing other forms of malware to victims.<\/p>\n<p>&#8220;I&#8217;d say the Glupteba attackers are angling to market themselves as a malware-delivery-as-a-service provider to other malware makers who value longevity and stealth over the noisy quick endgame of, for instance, <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-is-now-the-biggest-online-menace-you-need-to-worry-about\/\">a ransomware payload<\/a>,&#8221; said Brandt.<\/p>\n<p>The way in which those behind Glupteba regularly fix any bugs or crashes that emerge also provides evidence that they&#8217;re looking to maintain a smooth an operation as possible going forward.<\/p>\n<p>The campaign is still active and attempting to recruit more machines into the botnet but the simplest way users can avoid falling victim to Glupteba is buy ensuring the critical security update issued to <a href=\"https:\/\/www.zdnet.com\/article\/wannacrypt-ransomware-microsoft-issues-patch-for-windows-xp-and-other-old-systems\/\">protect against EternalBlue is installed<\/a>.<\/p>\n<p>Microsoft released the patch in 2017, but EternalBlue remains successful because of the <a href=\"https:\/\/www.zdnet.com\/article\/these-are-the-top-ten-software-flaws-used-by-crooks-make-sure-youve-applied-the-patches\/\">significant number of Microsoft Windows systems around the world which haven&#8217;t had it installed<\/a>, putting them at risk of falling victim to this and other malware.<\/p>\n<p>Users should also be wary of downloading applications \u2013 especially cracked ones \u2013 from untrusted sources.<\/p>\n<p>&#8220;The normal general precautions apply here as much as anywhere else: Don&#8217;t run stuff you shouldn&#8217;t, keep everything patched, and always make sure you have some sort of malware protection on your computer,&#8221; said Brandt.<\/p>\n<p><strong>READ MORE ON CYBERSECURITY<\/strong><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31330\/This-Sneaky-Malware-Goes-To-Unusual-Lengths-To-Cover-Its-Tracks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35707,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5312],"class_list":["post-35706","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-24T15:45:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks\",\"datePublished\":\"2020-06-24T15:45:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/\"},\"wordCount\":723,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg\",\"keywords\":[\"headline,hacker,malware\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/\",\"name\":\"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg\",\"datePublished\":\"2020-06-24T15:45:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/","og_locale":"en_US","og_type":"article","og_title":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-06-24T15:45:15+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks","datePublished":"2020-06-24T15:45:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/"},"wordCount":723,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg","keywords":["headline,hacker,malware"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/","url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/","name":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg","datePublished":"2020-06-24T15:45:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/06\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalware\/"},{"@type":"ListItem","position":3,"name":"This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35706"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35706\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35707"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}