21 January 2021

Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity

State of the art malware detection techniques only consider the interaction of programs with the operating system’s API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions. To start with, the article introduces User Imitating techniques for concealing malicious commands of the malware as impersonated user activity. Thereafter, the concept of Phantom Malware will be presented: This malware is constantly applying User Imitating to execute each of its malicious actions. A Phantom Ransomware (ransomware that employs User Imitating for each of its malicious actions) is implemented in C++ for testing anti-virus programs in Windows 10. Software from various manufacturers is applied for testing purposes. All of them failed without exception.

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9186656#abc

