Malware is increasingly able to target users in specific geographic locations, while not targeting users in other geographic locations. For example, malware may identify locations where it runs by analyzing the results of geo-IP requests and local artifact requests. When the malware identifies its current location as a target location, the malware may execute a malicious payload. For example, a Brazilian Banking Trojan may be configured to execute a malicious payload when running on a user machine in a bank in Brazil. However, the Brazilian Banking Trojan will not execute the malicious payload when running on a user machine in Chile and will not appear as malware on the user machine in Chile.
The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting geolocation-aware malware.