The fileless code injection technique known as Process Doppelgänging is actively being used not by just one or two but by many malware families in the wild, a new report shared with The Hacker News revealed.
Discovered in late 2017, Process Doppelgänging is a fileless variation of the Process Injection technique that takes advantage of a built-in Windows feature to evade detection and works on all modern versions of the Microsoft Windows operating system.
The Process Doppelgänging attack abuses a Windows feature called Transactional NTFS (TxF). The attacker opens a legitimate executable inside an NTFS transaction, overwrites it with the malicious payload, creates an image section from the transacted file, and then rolls the transaction back, so the file on disk is never actually modified. A process is then launched from that section, which makes process monitoring tools and antivirus believe that the legitimate executable is running, while the malicious code never exists as a file on disk for a scanner to find.
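One practical consequence of the mechanism above is that a doppelgänged process is mapped from an image that differs from the file its path points to, so its in-memory PE header no longer matches the header of the on-disk file. The following PowerShell script, added here as an illustration and not taken from the report or from any of the malware families it describes, applies that heuristic to every process the current user can read: it compares the first 0x400 bytes of each process's main module in memory with the same bytes read from the backing file and reports any mismatch. The function name `Get-ImageHeaderMismatch` and the 0x400-byte window are this example's own choices.

```powershell
# Added example: flag processes whose in-memory PE header does not match the
# header of the file they claim to be backed by (a Process Doppelgänging /
# Process Hollowing indicator). Run from an elevated prompt to cover more
# processes; protected and inaccessible processes are skipped, not reported.

if (-not ('Win32.Mem' -as [type])) {
    Add-Type -Namespace Win32 -Name Mem -MemberDefinition @"
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(
    IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer,
    IntPtr nSize, out IntPtr lpNumberOfBytesRead);
"@
}

function Get-ImageHeaderMismatch {
    param(
        # Number of header bytes to compare. 0x400 covers the DOS header, the
        # NT headers and the section table for practically every PE file.
        [int]$HeaderBytes = 0x400
    )

    foreach ($proc in Get-Process) {
        # MainModule and Handle throw for protected processes, for processes of
        # other users when not elevated, and across 32/64-bit boundaries.
        try {
            $module = $proc.MainModule
            $handle = $proc.Handle
        } catch { continue }

        $path = $module.FileName
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Header bytes as they exist in the file on disk.
        $disk = New-Object byte[] $HeaderBytes
        $fs = [System.IO.File]::OpenRead($path)
        try { $n = $fs.Read($disk, 0, $HeaderBytes) } finally { $fs.Dispose() }
        if ($n -lt $HeaderBytes) { continue }

        # Header bytes as mapped at the module's base address in the process.
        $mem  = New-Object byte[] $HeaderBytes
        $read = [IntPtr]::Zero
        $ok = [Win32.Mem]::ReadProcessMemory($handle, $module.BaseAddress, $mem,
                                             [IntPtr]$HeaderBytes, [ref]$read)
        if (-not $ok -or $read.ToInt64() -lt $HeaderBytes) { continue }

        # For a normally loaded image the header page is mapped verbatim from
        # the file, so any difference means the process image is not the file.
        if ([Convert]::ToBase64String($disk) -eq [Convert]::ToBase64String($mem)) { continue }

        [pscustomobject]@{
            Pid   = $proc.Id
            Name  = $proc.ProcessName
            Image = $path
        }
    }
}

# Usage: list suspicious processes, if any.
Get-ImageHeaderMismatch | Format-Table -AutoSize
```

Treat a hit as a lead, not a verdict: an attacker who copies the legitimate header into the payload defeats this check, and a legitimate file that is updated on disk while an older copy is still running also produces a mismatch. Correlate any result with the process's parent, command line and network activity before acting on it.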
A few months after the disclosure of this technique, a variant of the SynAck ransomware became the first-ever malware exploiting the Process Doppelgänging technique, targeting users in the United States, Kuwait, Germany, and Iran.
Shortly after that, researchers found a dropper (loader) for the Osiris banking trojan that was also using this technique together with a previously discovered, similar malware evasion technique called Process…