New Mockingjay Process Injection Technique Could Let Malware Evade Detection
2023-06-27 14:22

A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems.

Process injection is an attack method that allows adversaries to inject code into processes in order to evade process-based defenses and elevate privileges.

Some of the well-known process injection techniques include dynamic link library injection, portable executable injection, thread execution hijacking, process hollowing, and process doppelgänging, among others.

The Israeli company said it explored two different methods, self-injection and remote process injection, to achieve code injection in a manner that not only improves attack efficiency but also circumvents detection.

Remote process injection, on the other hand, entails using the RWX section in the vulnerable DLL to perform process injection in a remote process such as ssh.

"The uniqueness of this technique lies in the fact that there is no need to allocate memory, set permissions or create a new thread within the target process to initiate the execution of our injected code," the researchers said.
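Because the technique depends on a DLL that already ships with an RWX section, defenders can inventory PE files for sections whose characteristics combine read, write and execute. The sketch below is an added example, not code from the researchers or the original article; the sample header bytes and the `.rwx` section name are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE


def rwx_sections(image: bytes):
    """Return [(name, virtual_size)] for sections mapped read+write+execute."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header: Machine, NumberOfSections, 3 x uint32, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size  # section table follows the optional header
    if table + 40 * nsec > len(image):
        raise ValueError("truncated section table")
    hits = []
    for i in range(nsec):
        name, vsize, _, _, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        if flags & RWX == RWX:
            hits.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize))
    return hits


def build_sample(sections):
    """Constructed test input: minimal PE headers only (no code, not loadable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x2000)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vsz, 0, 0, 0, 0, 0, 0, 0, fl)
        for n, vsz, fl in sections)
    return dos + b"PE\0\0" + coff + table


SAMPLE = build_sample([
    (b".text", 0x1000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x2000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rwx", 0x4000, RWX),  # hypothetical section name, constructed
])

if __name__ == "__main__":
    print(rwx_sections(SAMPLE))  # [('.rwx', 16384)]
```

A hit is a lead for review rather than proof of compromise, since some legitimate binaries are built with RWX sections.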


News URL

https://thehackernews.com/2023/06/new-mockingjay-process-injection.html