Hiding malicious code with “Module Stomping”

Discussion in 'malware problems & news' started by guest, Aug 16, 2019.

  1. guest

    guest Guest

    Hiding malicious code with “Module Stomping”
    August 15, 2019
    https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,546 | Location: The Netherlands
    Sounds a bit like an even more advanced version of process hollowing. But I do believe that a tool like HMPA checks for modification of legitimate modules inside the browser. If it finds any modification, it alerts about a possible browser infection by some banking trojan.
     
  3. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 8,592 | Location: U.S.A.
    AVs that employ advanced memory scanning should be able to detect this:
    Also:
    https://attack.mitre.org/techniques/T1055/
     
    Last edited: Aug 17, 2019
  4. guest

    guest Guest

    Hiding malicious code with “Module Stomping”: Part 2
    August 30, 2019
    https://blog.f-secure.com/hiding-malicious-code-with-module-stomping-part-2/
     
  5. guest

    guest Guest

    Hiding malicious code with “Module Stomping”: Part 3
    September 23, 2019
    https://blog.f-secure.com/cowspot-real-time-module-stomping-detection/
     