
The reason is simple: encryption obfuscates malware code, making it difficult to analyze; prevents users from accessing the component files in the event of an infection; and hides and secures the attackers’ malicious network communication. In short, malware encryption makes it harder for traditional defenses to detect and mitigate that malware.
Malware normally collects data about the victim machine as the first phase of reconnaissance. If this data is encrypted before being sent back to the attacker — especially if the destination is a legitimate service (such as Pastebin or GitHub) that already communicates over encrypted channels — it is less likely to be detected as communication from internal malware to an external attacker.