FireEye experts have analyzed a Trojan which employs some interesting techniques in order to hide itself and the identity of its master.
Dubbed Trojan Nap, the malware relies on extended sleep calls to evade automated analysis systems and uses the fast flux technique to ensure that the attacker’s identity can’t be uncovered.
Interestingly, the Trojan fits the description of a threat used in the recent cyberattacks against The New York Times. The malware utilized in the NYT attacks relied on compromised university computers as front-end agents and constantly switched IP addresses.
This isn’t the first piece of malware that uses such techniques to hide its presence. Back in December 2012, FireEye experts spotted a Trojan, dubbed Upclicker, which leveraged the mouse hooking function to evade sandbox environments.
A technical analysis of Trojan Nap is available on FireEye’s blog.