Cylance AI-based antivirus fooled to avoid malware detection

A group of web application security specialists designed a method to bypass Cylance's antivirus solution, which is powered by artificial intelligence software. Using this method, the specialists managed to trick the antivirus into classifying malware variants such as WannaCry as legitimate software.

Among members of the cybersecurity community, artificial intelligence is often regarded as the ultimate solution for malware detection. Supporters of this idea claim that its use would significantly improve the capabilities of conventional antivirus products, since artificial intelligence is able to find updated versions of known malware and even previously unknown flaws, such as zero-day vulnerabilities.

Security firm BlackBerry Cylance has opted to develop an artificial intelligence engine for PROTECT, its endpoint malware protection system; "This tool can anticipate malicious actors even for years," the firm's web application security experts say.

However, the research, published by Vice, states that experts have already developed a method to circumvent detection by this machine learning algorithm. Attackers generally try to alter the malware's code in order to dodge antivirus programs; in this case, the researchers instead took some strings from legitimate software and added them to the malware's code, so that it is detected as a conventional program.

According to web application security experts, this approach was successful because Cylance's machine learning algorithm focuses primarily on recognizing benign software and gives little weight to the malware's own elements. Moreover, the approach works even if the Cylance engine had previously concluded that the same file was malicious, before the common software strings were added to it.
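The mechanism described above can be reproduced on a toy scale. The example below is added here and is not the researchers' code nor anything from Cylance's product: it builds a constructed linear "strings" classifier (the feature weights and the byte samples are invented for the illustration), shows that appending benign-looking strings to a sample that scores as malicious flips the naive verdict, and then shows a hardened scoring rule a defender would want, in which benign evidence is capped and a strong malicious indicator cannot be outweighed by decoration.

```python
import re
from typing import Dict, List

# Constructed feature weights for a toy linear classifier (assumption: this is
# not Cylance's model or feature set). Positive weight = looks benign,
# negative weight = looks malicious.
WEIGHTS: Dict[str, float] = {
    "Microsoft Corporation": 1.5,
    "Copyright (C)": 1.0,
    "ProductVersion": 0.8,
    "FileDescription": 0.8,
    "GetProcAddress": 0.2,
    "CryptEncrypt": -1.2,
    "vssadmin delete shadows": -2.5,
    "YOUR FILES HAVE BEEN ENCRYPTED": -3.0,
}

# Constructed sample "binaries": a stub header followed by printable strings.
BENIGN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"Microsoft Corporation\x00Copyright (C)\x00ProductVersion\x00"
    + b"FileDescription\x00GetProcAddress\x00"
)
MALWARE_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"GetProcAddress\x00CryptEncrypt\x00vssadmin delete shadows\x00"
    + b"YOUR FILES HAVE BEEN ENCRYPTED\x00"
)
# The situation the article describes: the same malicious file with a block of
# strings taken from legitimate software appended to it.
BENIGN_PADDING = (
    b"\x00Microsoft Corporation\x00Copyright (C)\x00ProductVersion\x00FileDescription\x00"
) * 3
PADDED_MALWARE = MALWARE_SAMPLE + BENIGN_PADDING


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Mimic the `strings` tool: runs of printable ASCII at least min_len long."""
    pattern = rb"[ -~]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def naive_score(data: bytes) -> float:
    """Sum weight * occurrence count over all features; counts are unbounded,
    so every extra benign string keeps pushing the score upward."""
    text = data.decode("latin-1")
    return sum(w * text.count(feat) for feat, w in WEIGHTS.items())


def naive_verdict(data: bytes) -> str:
    return "benign" if naive_score(data) > 0 else "malicious"


def hardened_verdict(data: bytes, benign_cap: float = 2.0) -> str:
    """Defensive variant: features count once (presence, not frequency), the
    total benign contribution is capped, and any strong malicious indicator
    yields a malicious verdict regardless of how much benign text surrounds it."""
    found = extract_strings(data)
    present = {feat for feat in WEIGHTS if any(feat in s for s in found)}
    if any(WEIGHTS[f] <= -2.0 for f in present):
        return "malicious"
    benign = min(benign_cap, sum(WEIGHTS[f] for f in present if WEIGHTS[f] > 0))
    malicious = sum(WEIGHTS[f] for f in present if WEIGHTS[f] < 0)
    return "benign" if benign + malicious > 0 else "malicious"


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("malware", MALWARE_SAMPLE),
                         ("padded malware", PADDED_MALWARE)):
        print(f"{name:15s} naive={naive_verdict(sample):9s} "
              f"hardened={hardened_verdict(sample)}")
```

The naive scorer labels the padded sample benign purely because the appended strings outnumber the malicious ones; the hardened scorer still flags it because presence-based features and a benign cap remove the incentive to pad, and the "strong indicator wins" rule mirrors the point that malware's own elements should not be ignored. Real products use far richer features, but the same two properties (bounded benign evidence, non-compensable malicious evidence) are what a defender should look for when evaluating a classifier.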

The experts tested this attack using the WannaCry ransomware, known for the computer chaos it caused a couple of years ago, as well as the latest version of SamSam, another dangerous variant of ransomware.

According to specialists from the International Institute of Cyber Security (IICS), this is a sign of the long work that remains to be done in the development of artificial intelligence because, even if this kind of attack vector is addressed over the years, this option will still not be a definitive solution.