Hiding malicious code with “Module Stomping”

Discussion in 'malware problems & news' started by mood, Aug 16, 2019 at 6:48 AM.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    15,919
    Hiding malicious code with “Module Stomping”
    August 15, 2019
    https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    Sounds a bit like an even more advanced version of process hollowing. But I do believe that a tool like HMPA checks for modification of legitimate modules inside the browser. If it finds any modification, it alerts about a possible browser infection by some banking trojan.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,580
    Location:
    U.S.A.
    AVs that employ advanced memory scanning should be able to detect this:
    Also:
    https://attack.mitre.org/techniques/T1055/
     
    Last edited: Aug 17, 2019 at 2:37 PM