Misinformation in malware analysis

This website contains false, dubious or misleading claims related to infosecurity, with a particular focus on malware analysis and forensics. The claims below appeared on news websites, blogs or in research papers. Each claim is accompanied by reasons specifying why it’s considered misleading or false.

The website is not meant to be comprehensive coverage of all misinformation, but rather serve as a repository of false claims which gained prominence.

Claims

Claims below are listed in a random order. Click on each to learn more.

1. Only a complete examination of the physical phone can lead to the detection of malware.
2. Unexpected pop-ups can indicate a spyware infection.
3. Users can “fake” a malware infection by “planting” fake forensic artefacts.
4. A name of a process similar to a legitimate process name means it’s not malware.
5. Automated detection tools are useless, because they can be fooled.
6. It’s impossible to attribute an IP address to a country.
7. It’s impossible to analyse a domain that has expired.
8. Pegasus spyware contains comments in the Chinese language.
9. Expired domains are not a useful indicator of compromise.
10. If the data is encrypted, malware won’t be able to steal it.