Modern Malware: The Shapeshifter Problem

Incoming transmission

The classics — viruses, worms, trojans — those are well-documented. You know what ransomware is. You know about spyware. That's the required reading, and it's covered in the first volume.

This is what kept evolving while everyone was focused on the classics. Infostealers that drain your accounts without making a sound. Doxware that doesn't encrypt anything — it just threatens to destroy your reputation. Supply chain attacks that compromise you through software you deliberately chose to install from the official website. Adversary-in-the-Middle attacks that defeat MFA in real time. AI that writes malware faster than defenders can build signatures for it.

Eight chapters. This is not theoretical — every attack type in this manual has been used in documented campaigns against real people and real organizations. Some of them are happening right now, at scale, to people who thought they were being careful.

The goal isn't to scare you. The goal is to make sure you know what you're actually up against.

— Commander Shepard