BlackBerry Cylance AI-based anti-virus 'tricked' into passing malware off as safe

Researchers in Australia claim to have tricked a popular anti-virus security system, supposedly based on artificial intelligence (AI) rather than signatures, into thinking malware isn't harmful.

Using a "global bypass method", specialists at Skylight Cyber were able to get BlackBerry Cylance's PROTECT system to identify malware as "goodware".

They continued: "AI applications in security are clear and potentially useful. However AI-based products offer a new and unique attack surface.

"Namely, if you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently, creating a universal bypass."

If you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently

According to the researchers, they identified "a peculiar bias towards a specific game" after conducting an analysis of the system.

The researchers continued: "Combining an analysis of the feature extraction process, its heavy reliance on strings, and its strong bias for this specific game, we are capable of crafting a simple and rather amusing bypass."

The added that by appending a selected list of strings to a malicious file, they could change its score significantly to avoid detection. "This method proved successful for 100 per cent of the top 10 Malware for May 2019, and close to 90 per cent for a larger sample of 384 malware."

We are always amused to see the shock on people's faces when you tell them that the new security toy they spent millions of dollars buying and integrating can be bypassed

To test their method, the researchers uploaded a list of the top ten malware (published by the Center for Internet Security) and called the results "staggering".

The results show that negative scores were turned to positive, meaning some of the most dangerous forms of malware were able to escape detection.

Malware
SHA256
Score Before
Score After
CoinMiner
1915126c27ba8566c624491bd2613215021cc2b28e5e6f3af69e9e994327f3ac
-826
884
Dridex
c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10
-999
996
Emotet
b3be486490acd78ed37b0823d7b9b6361d76f64d26a089ed8fbd42d838f87440
-923
625
Gh0stRAT
eebff21def49af4e85c26523af2ad659125a07a09db50ac06bd3746483c89f9d
-975
998
Kovter
40050153dceec2c8fbb1912f8eeabe449d1e265f0c8198008be8b34e5403e731
-999
856
Nanobot
267912da0d6a7ad9c04c892020f1e5757edf9c4762d3de22866eb8a550bff81a
971
999
Pushdo
14c358cc64a929a1761e7ffeb76795e43ff5c8f6b9e21057bb98958b7fa11280
-999
999
Qakbot
869985182924ca7548289156cb500612a9f171c7e098b04550dbf62ab8f4ebd9
-998
991
Trickbot
954961fd69cbb2bb73157e0a4e5729d8fe967fdf18e4b691e1f76aeadbc40553
-973
774
Zeus
74031ad4c9b8a8757a712e14d120f710281027620f024a564cbea43ecc095696
-997
997

Discussing the results, the researchers said: "Almost all of these samples have changed from the most evil file on the planet, to your friendly neighborhood file. Again, the only treatment applied to these files, is the addition of the ‘special sauce' as a simple concatenation."

After downloading a list of 384 malicious files and running them through the test, the researchers generated the following results:

They concluded: "We are always amused to see the shock on people's faces when you tell them that the new security toy they spent millions of dollars buying and integrating can be bypassed.

"The same goes for new silver bullets, like AI based security. We are anything but surprised with the results, and we are confident that the same type of process can be applied to other pure AI vendors to achieve similar results."