code injection – Page 3 – WindowsTechs.com

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

Posted on September 10, 2018 by GReAT

Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. This campaign was active immediately prior to Central Asian high-level meeting and we suppose that actor behind still follows regional political agenda. Continue reading LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company→

Pinterest Browser Extension Injects Unwanted Code into 5K Websites

Posted on July 25, 2018 by Tara Seals

A Pinterest browser button leaks malformed code into any browser-based text editor. Continue reading Pinterest Browser Extension Injects Unwanted Code into 5K Websites→

Recent Andariel Group ActiveX Attacks Point to Future Targets

Posted on July 17, 2018 by Lindsey O'Donnell

Changes in the group’s script may indicate that the hackers may start using attack vectors other than ActiveX. Continue reading Recent Andariel Group ActiveX Attacks Point to Future Targets→

New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection

Posted on April 12, 2018 by Lindsey O'Donnell

Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. Continue reading New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection→

Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak

Posted on March 13, 2018 by Windows Defender Research

On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered appr… Continue reading Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak→

Turkish, Egyptian ISPs help local government conduct massive spyware operation

Posted on March 12, 2018 by Luana Pascu

Canadian researchers from human rights organization Citizen Lab uncovered a major computer espionage operation spreading across Turkey, Egypt and, indirectly, Syria. The operation, which started in 2017, is a nation-state-level network injection to del… Continue reading Turkish, Egyptian ISPs help local government conduct massive spyware operation→

Platinum APT First to Abuse Intel Chip Management Feature

Posted on June 9, 2017 by Michael Mimoso

Microsoft has found a file-transfer tool used by the Platinum APT that leverages Intel Active Management Technology to stealthily load malware onto networked computers. Continue reading Platinum APT First to Abuse Intel Chip Management Feature→

Dvmap: the first Android malware with code injection

Posted on June 8, 2017 by Roman Unuchek

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Continue reading Dvmap: the first Android malware with code injection→

VU#834067: Apache Struts 2 is vulnerable to remote code execution

Posted on March 14, 2017 by CERT

Apache Struts,versions 2.3.5 – 2.3.31 and 2.5 – 2.5.10,is vulnerable to code injection leading to remote code execution(RCE). Continue reading VU#834067: Apache Struts 2 is vulnerable to remote code execution→

Windows Atom Tables Can Be Abused for Code Injection Attacks

Posted on October 27, 2016 by Tom Spring

Attackers can leverage a design weakness in all versions of Windows to carry out code injection attacks that bypass detection by security software. Continue reading Windows Atom Tables Can Be Abused for Code Injection Attacks→