Advanced persistent threats behind mouse clicks

A new sophisticated malware is able to evade multiple detection schemes, and is distributed using rigged Microsoft Word documents. The stealthy BaneChant.APT Trojan lurks in Word files, but what sets it apart is its ability to thwart detection by detecting various human interaction signals such as multiple mouse clicks. It uses a high degree of stealth for extended periods and it continues to operate even if the primary objectives have been achieved.

Takeaway: As security and defense technologies advance, so does malware. The evolution of this malware is clearly exemplified by its ability to approximate human behavior by counting mouse-clicks and downloading phony update files. The malware’s most remarkable feature is its ability to evade forensic analysis by waiting for an Internet connection to execute its code.