"Early Bird" Code Injection Technique Helps Malware Stay Undetected
#1
Quote: Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection.

They named the technique "Early Bird" because its mode of operation relies on using legitimate Windows OS functions to inject malicious code inside application processes before the actual app process starts and anti-malware products hook into the process to scan for malicious behavior.

Security researchers from Cyberbit, a cyber-security firm based in Ra’anana, Israel, say they found the technique while analyzing the TurnedUp backdoor, a malware strain used by APT33, a suspected Iranian cyber-espionage group.

Later, researchers found that the DorkBot malware downloader and the Carberp malware used in hacks at financial institutions were also using the Early Bird technique.

Cyberbit published a report yesterday with the finer details of the injection process, along with a YouTube video.
Read the full article: HERE