The learning process of Swizzor
As mentioned in the "Swizz with me" article, Swizzor is written by a group of highly skilled coders. They are always ready to improve the generator, to make Swizzor binaries more and more similar to common applications linked with MSVC, and to make the detection of new variants harder and harder. I can briefly describe the learning process:
What will follow?
The most recent evolution step of Swizzor shows us an effort to make resource generation even better. Here are some screenshots taken from a Swizzor sample generated two weeks ago:
The generated text is not perfect, but it is good enough to fool simple statistical methods (all words have common lengths, the letters are well distributed, there are no suspicious repetitions, etc.). But it's not a known language, and some more sophisticated methods can discover it. What's the solution used by the Swizzor authors? It's an English dictionary: simple and effective. What can you see in the pictures below (taken from a Swizzor sample that arrived today)?
There are "color", "folders", "wireless" and other English words. The dialogs are still quite ugly, but we can guess that this will be the next step in Swizzor's evolution. I'm quite curious which way the Swizzor authors will choose (fine-tuning of the code or some improvements to the resource generator), but I'm also a bit afraid that they're going to make a perfect obfuscation.
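The two tiers of checks discussed above, simple statistics versus a known-language test, can be sketched as follows. This is an added example, not code from the original post or from any detection product; the word list, thresholds and sample strings are constructed assumptions.

```python
import re
from collections import Counter

# Constructed stand-in for a real English word list (assumption).
ENGLISH = {"color", "folders", "wireless", "select", "the", "network",
           "and", "save", "your", "settings", "for"}

# Constructed resource strings; none are taken from a real sample.
REPETITIVE = "aaaaqqq zzzzzzz xxxx"
PSEUDO = "Bredal tovik kasten purlo mendic sarvo"
DICTIONARY = ("Select the wireless network and save your color "
              "settings for folders")

def words(text):
    return re.findall(r"[a-z]+", text.lower())

def simple_stats_ok(text):
    """Tier 1: plausible word lengths, no dominant letter, no long runs."""
    ws = words(text)
    if not ws:
        return False
    mean_len = sum(map(len, ws)) / len(ws)
    letters = Counter("".join(ws))
    top_share = letters.most_common(1)[0][1] / sum(letters.values())
    has_run = re.search(r"([a-z])\1\1", text.lower()) is not None
    return 3 <= mean_len <= 8 and top_share < 0.25 and not has_run

def dictionary_ratio(text, vocab=ENGLISH):
    """Tier 2: share of words that belong to a known language."""
    ws = words(text)
    return sum(w in vocab for w in ws) / len(ws) if ws else 0.0

def classify(text, min_ratio=0.5):
    if not simple_stats_ok(text):
        return "fails-simple-stats"
    if dictionary_ratio(text) < min_ratio:
        return "pseudo-language"
    return "looks-like-language"

if __name__ == "__main__":
    for name, s in [("repetitive", REPETITIVE), ("pseudo", PSEUDO),
                    ("dictionary", DICTIONARY)]:
        print(f"{name:10} stats_ok={simple_stats_ok(s)} "
              f"dict={dictionary_ratio(s):.2f} -> {classify(s)}")
```

The pseudo-word sample passes tier 1 and is caught only by tier 2, while the dictionary-word sample passes both, so string statistics alone cannot separate dictionary-filled resources from those of a normal application.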