As increasingly seen in recent years, display-controlling malware may take control of the display of a computing device and may prevent a user from regaining control of the device. Display-controlling malware commonly takes the form of ransomware, which may attempt to restrict access to the computing device until the user makes a payment to the malware's creator. Ransomware typically claims that the user has accessed illegal content or is running pirated software and that the user must pay a fine to regain access to the device.
Detecting display-controlling malware may pose particular challenges to developers of anti-malware systems, as compared to other forms of malware. Display-controlling malware may be implemented as a standalone program, or may infect another program, as with a computer virus. Propagation may occur via many of the same mechanisms as other forms of malware. Code analysis or behavioral analysis detection methods may prove ineffective, since display-controlling malware may use many of the same operating system interfaces as harmless programs while avoiding many of the malicious behaviors that characterize other forms of malware.
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for detecting display-controlling malware.