How a malware works

Computers & TechnologyBlogging / Forums

  • Author Shahriar Galib
  • Published May 29, 2023
  • Word count 682

Hacking is one of the most enjoyable and mysterious tech fields in the world. There are tons of different sides of hacking which you can choose as your career. But among all of them, my favourite one is "The Red Teaming" sector.Where a hacker aggressively/offensively attacks a system(with permissions) and hacks into it to show the vulnerabilities of that system to the Blue Team.

Malware Development is one of the most important skills a red teamer needs to have.If you don't know how to code malwares, then you will not know how they can attack your/your client's organization.

A malware is nothing but a program or software that runs or executes on a system and takes full control over that.A malware can steal your files , encrypt them, fetch important credentials, spy through your camera and a bunch of other dangerous things. To program a malware first you need to fix the target platform. A target platform is more like the OS your victim runs.It can be a windows system or an android and even an iOS.

For hacking into a windows pc you can code your malware in C, C++, Python, Assembly and many other languages. I have just mentioned the widely used languages. It seems like a headache to choose your programming language for developing a malware.But it is not the thing you should worry about. The thing you need to focus on is if your malware is FUD(Fully Undetectable) or not. But yes, if you are going for a windows victim then i would recommend C or Assembly .For android, better go with Java or C++

Now let's get into the real discussion. How a malware works!

A malware program consists of some really interesting abilities:

  1. Building a connection:

-Malicious programs that infect the victim system must build a connection with the attacker's pc. It is considered as reverse TCP connection. It can be done by Socket, SignalR etc.

  1. Being Stealthy:

-A malware needs to run on the victim system in a such way, so that the victim does not get to know if there is a malicious program running or not. It can execute and run it's process in the background, which makes it do it's work silently. There are libraries in C that can co-operate to code a stealthy malware

  1. Feature functions:

-A malware does have a bunch of functions that are user defined. In these functions, the hacker writes the code that returns some specific malicious results to the hacker. For example, I have written a function in the client file that has the codes to copy the bytes of an image of the victim system and sent them to the server that the hacker has. There will be tons of other functions written by a hacker that can do various of malicious activities.


-After coding the malware a hacker needs to do the most important thing which has no alternative. That is obfuscation. Obfuscation is making the virus so much unfamiliar to the anti-viruses so that they can't detect it and flag it as a virus. For that purpose we can do things like Packing, Encrypting, Hex Editing or writing the codes in such a way that can not be read by a human or an anti-virus. As an example, the function to fetch credentials of the system may have the codes where we need to work with the file paths of the system. There we can write those paths in a very abnormal way. Instead of "C:\Users\Public\creds.txt" we can write:

import platform

wallpaper = chr(67)

life = ":"

design = "Pub"

def riv():

if platform.system() == "Windows":

return "\"

asset = wallpaper+life+riv()+"Users"+riv()+design+"lic"+riv()+"creds"+".txt"


The above Python code prints exactly "C:\Users\Public\creds.txt"

We just made it look so difficult to read for the AV solutions.

These were the steps how a malware works. Now obviously a malware structure is far more complex than this article says. But these are the fundamental parts a malware contains.

Hello, My name is Shahriar Galib.I am a Cyber Security Specialist and a trainer from Bangladesh.

I have been learning and researching on various security threats and attacks for almost 6 years.

Article source:
This article has been viewed 350 times.

Rate article

Article comments

There are no posted comments.

Related articles