Popular Malware Families Using ‘Process Doppelgänging’ to Evade Detection


The fileless code injection technique known as Process Doppelgänging is being actively used in the wild by not just one or two but many malware families, a new report shared with The Hacker News reveals.

Discovered in late 2017, Process Doppelgänging is a fileless variation of the process injection technique that takes advantage of a built-in Windows function to evade detection and works on all modern versions of the Microsoft Windows operating system.

The Process Doppelgänging attack works by using a Windows feature called Transactional NTFS (TxF) to launch a malicious process by replacing the memory of a legitimate process, tricking process-monitoring tools and antivirus into believing that the legitimate process is running.

A few months after the technique was disclosed, a variant of the SynAck ransomware became the first malware seen exploiting Process Doppelgänging, targeting users in the United States, Kuwait, Germany, and Iran.

Shortly after that, researchers found a dropper (loader) for the Osiris banking trojan that was also using this technique together with a previously discovered, similar malware evasion technique known as Process…
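The article describes the defender's core problem: a process that looks legitimate to monitoring tools because its name and path are those of a real executable, while the image actually mapped in memory is something else and the backing file is gone. The script below is an added example, not code from the report or from The Hacker News, showing the simplest triage heuristic that follows from that description: compare what is on disk with what is mapped in the process, and flag processes whose image has no backing file at all. The `ProcessRecord` snapshot, the sample byte strings and the paths are all constructed for illustration; they assume a hypothetical agent that can collect both the on-disk file and the main module as mapped.

```python
"""Added example: a simplified disk-vs-memory consistency check for running processes.

The records and image bytes below are constructed sample data, not real telemetry.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcessRecord:
    # Hypothetical snapshot of one running process, as an EDR agent might collect it.
    pid: int
    image_path: str
    on_disk_image: Optional[bytes]  # None when the path no longer exists on disk
    in_memory_image: bytes          # bytes of the main module as mapped in the process


def _digest(data: bytes) -> str:
    """SHA-256 hex digest used to compare the two copies of the image."""
    return hashlib.sha256(data).hexdigest()


def assess(rec: ProcessRecord) -> str:
    """Return 'OK' or a reason describing why the process looks suspicious.

    A fileless image replacement leaves one of two traces: the path the process
    claims no longer has a file behind it, or the file exists but its content is
    not what is actually mapped into the process.
    """
    if rec.on_disk_image is None:
        return "SUSPICIOUS: no backing file on disk for mapped image"
    if _digest(rec.on_disk_image) != _digest(rec.in_memory_image):
        return "SUSPICIOUS: in-memory image differs from on-disk file"
    return "OK"


def triage(records: List[ProcessRecord]) -> Dict[int, str]:
    """Run assess() over a process inventory and map each PID to its verdict."""
    return {r.pid: assess(r) for r in records}


# Constructed sample images: placeholders standing in for real PE files.
LEGIT = b"MZ...constructed-legitimate-notepad-image..."
PAYLOAD = b"MZ...constructed-attacker-controlled-image..."

# Constructed inventory: one clean process, one whose mapped image no longer
# matches the file on disk, and one whose claimed path has no file at all.
SAMPLE = [
    ProcessRecord(1001, r"C:\Windows\System32\notepad.exe", LEGIT, LEGIT),
    ProcessRecord(1002, r"C:\Windows\System32\notepad.exe", LEGIT, PAYLOAD),
    ProcessRecord(1003, r"C:\Users\user\tmp\loader.exe", None, PAYLOAD),
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE).items():
        print(pid, verdict)
```

In real tooling the comparison is not a byte-for-byte hash: a mapped PE differs from its file because of section alignment, relocations and import patching, so an agent has to normalize both sides (or compare the section object the kernel mapped) before hashing. The heuristic is still the right shape, since the technique's whole point is that the process name and path stay trustworthy while the content does not.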

