Analysis and development of polyglot files
Polyglot files, capable of simultaneously complying with the specifications of multiple formats, are an advanced evasion technique commonly used to hide malware in seemingly legitimate files. This project examines their practical viability and use in real-world cyberattacks, as well as the weaknesse...
| Autor: | |
|---|---|
| Formato: | tesis de maestría |
| Fecha de publicación: | 2025 |
| País: | España |
| Recursos: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/451931 |
| Acesso em linha: | https://hdl.handle.net/2117/451931 |
| Access Level: | acceso abierto |
| Palavra-chave: | Malware (Computer software) Cybersecurity Malware Polyglot Programari maliciós Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Resumo: | Polyglot files, capable of simultaneously complying with the specifications of multiple formats, are an advanced evasion technique commonly used to hide malware in seemingly legitimate files. This project examines their practical viability and use in real-world cyberattacks, as well as the weaknesses of various formats that allow malicious code to be inserted by exploiting headers, end of files, and internal fields such as comment spaces. The cases studied confirm that polyglots have already been used in advanced campaigns, such as the Pegasus spyware, and highlight their role in the initial delivery of malware within more complex attack chains. Tests show that while signature-based antivirus software can detect some polyglots, others can evade antivirus engines and sandboxes, revealing significant gaps in current detection systems. In conclusion, polyglot files are a real and effective threat, especially when combined with advanced evasion techniques. Detecting them requires a more detailed analysis of file structures and new defensive strategies to counter increasingly stealthy and intelligent attack tactics. |
|---|