A newly discovered malware strain known as SLOTAGENT is drawing attention from cybersecurity experts due to its advanced evasion techniques and ability to remain undetected for extended periods. Unlike traditional malware that relies on brute-force methods or noisy behavior, SLOTAGENT is designed for stealth. It primarily spreads through phishing emails disguised as legitimate business documents or software updates. Once executed, the malware operates silently in the background and establishes communication with a remote command-and-control server while minimizing network activity to avoid detection. The threat was identified by analysts at IIJ-SECT during an investigation into suspicious network traffic linked to a targeted intrusion. They found that the malware’s architecture is specifically engineered to resist both static and dynamic analysis.

At the core of SLOTAGENT’s evasion strategy are two key techniques: API hashing and encrypted strings. Instead of listing system functions in a readable import table, the malware uses hashed values to resolve required APIs at runtime. This prevents analysts and automated tools from easily understanding its behavior. Additionally, critical data such as server addresses and configuration details are stored in encrypted form and only decrypted during execution, further complicating analysis.
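How an analyst typically undoes API hashing during triage, shown as an added example that is not taken from the IIJ-SECT analysis or from the malware itself: hash every export name of interest with the suspected algorithm and look up the constants recovered from the sample. The article does not name SLOTAGENT's hash algorithm, so the widely documented ROR-13 additive hash is assumed here, and the export list and constants are constructed.

```python
# Added example: analyst-side reversal of API hashes.
# ASSUMPTION: ROR-13 additive hash (SLOTAGENT's real algorithm is not given
# in the article). Export names and "recovered" constants are constructed.

MASK32 = 0xFFFFFFFF

def ror32(value: int, bits: int) -> int:
    """Rotate a 32-bit value right by `bits`."""
    return ((value >> bits) | (value << (32 - bits))) & MASK32

def ror13_hash(name: str) -> int:
    """ROR-13 additive hash over the ASCII bytes of an export name."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h

def build_lookup(export_names, hash_fn=ror13_hash):
    """Map hash -> [names]; a list is kept so collisions stay visible."""
    table = {}
    for name in export_names:
        table.setdefault(hash_fn(name), []).append(name)
    return table

def resolve_constants(constants, table):
    """Annotate each 32-bit constant pulled from a sample with candidate names."""
    return {c: table.get(c, []) for c in constants}

# Constructed candidate list; in practice this would be every export of the
# system DLLs the sample could plausibly call into.
CANDIDATE_EXPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                     "VirtualProtect", "CreateThread", "InternetOpenA", "WinExec"]

def demo():
    table = build_lookup(CANDIDATE_EXPORTS)
    # Constructed: constants as they might be lifted from disassembly.
    # 0xDEADBEEF stands in for a value that is not an API hash at all.
    constants = [ror13_hash("VirtualAlloc"), ror13_hash("InternetOpenA"), 0xDEADBEEF]
    return resolve_constants(constants, table)

if __name__ == "__main__":
    for const, names in demo().items():
        print(f"0x{const:08X} -> {names or 'unresolved'}")
```

Swapping `hash_fn` for the algorithm actually recovered from a sample is the only change needed; unresolved constants usually mean the wrong algorithm or a seed value was missed.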

These capabilities allow SLOTAGENT to remain hidden for weeks or even months, increasing the risk of data theft, unauthorized access, and the deployment of additional malicious payloads. Its ability to evade detection also makes incident response significantly more challenging.

Security experts warn that traditional signature-based defenses may not be sufficient against such threats. Instead, organizations are encouraged to adopt behavior-based detection methods, including monitoring for unusual memory activity, runtime API resolution patterns, and unexpected outbound network connections.

The use of phishing as the primary infection vector highlights the continued effectiveness of social engineering in modern cyberattacks. Experts recommend ongoing employee awareness training, along with updated endpoint protection and threat intelligence systems, to reduce exposure. The emergence of SLOTAGENT reflects a broader trend toward more sophisticated, low-profile malware designed to bypass conventional defenses. As attackers continue to refine stealth techniques, organizations will need to evolve their detection and response strategies to keep pace.
