[Paper of the day][#6] Is there any difference between a single-core #malware and a multi-core malware? We show how to bypass many information flow tracking mechanisms (and thus the detectors built on them) by splitting malicious actions across multiple #threads and processes. We show that our distributed #DLL #injector is not detected by traditional #AVs. We also show how cache #side-channels can be exploited for covert thread synchronization.
Academic paper: https://link.springer.com/article/10.1007/s11416-019-00333-y
Archived version: https://secret.inf.ufpr.br/papers/marcus-vanilla.pdf
Code: https://github.com/marcusbotacin/Malware.Multicore
#malware #threads #dll #injector #avs #side