Last Updated on 08/12/2020 by OTC
While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a popular way for attackers to obfuscate code and try to make it more difficult to detect. Let’s dig into how bad actors are leveraging this technique to conceal their malware.
Avoiding Detection with String Concatenation
String concatenation obfuscation works by using a period between each string, which instructs PHP to join these character strings together and run it as a single function — for example, ‘cr’.’ea’.’te’.’_f’.’un’.’c’.’ti’.’o’.’n’; would become create_function.