Malware, or malicious software, often provides unauthorized access to a personal or company computing device and can lead to many negative outcomes, from identity theft to a viral attack on a company's infrastructure. In general, malware is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Malware may be downloaded to a user's computer through a public network, such as the Internet, and attach to existing executable content on a user's computer. Once installed or executed on the user's computer, the malware may obtain information from the user's computer and/or gain control over some or all of the computer's functions.
In many instances, malware is designed to steal information or spy on computer users for an extended period without their knowledge, or it may be designed to cause harm, often as sabotage or to extort payment. As used herein, “malware” may refer to a variety of forms of hostile or intrusive software applications inadvertently obtained from a public network, including viruses, worms, Trojan horses, ransomware, spyware, adware, and other malicious programs. Typically, such malware is embedded in programs that are downloadable from websites and appear useful to the users. However, when executed on the user's computer, the programs include additional hidden tracking functionality that gathers information from the user's computer and provides such information to a third party over a network.
Software such as anti-virus programs, anti-malware programs, and firewall programs or devices is used to try to protect a user's computer against activity identified as malicious, and to recover from attacks. However, for such programs and devices to work, the source, type, or signature of the malware must typically be known before the user's computer accesses the malware. In other words, the preventative programs and devices must know what to monitor for while a user accesses the public network in order to block the malware from being downloaded to the user's computer. Building up a database of known malware programs or malware signatures takes time and processing power and may, in some instances, require a user to experience the effects of the malware program before the anti-virus program can identify it.
Many anti-virus systems attempt to detect malware programs through emulated Internet browsers or sandbox programs that allow the malware to be downloaded and explored without infecting a user's computer or connected network. However, malware is often designed to detect when it is executed in an emulated browser or sandbox environment and then cease working or delete itself. In this manner, malware attempts to protect itself from detection when executed in a safe environment, so that it is not detected and used in developing mitigation techniques. Sophisticated malware programs may also monitor and detect interactions with the browser, such as inputs received in the browser from an input device and a browser history file indicating previous websites visited through the browser, to further determine whether the malware is being executed in an emulated environment.