Hiding malicious code with “Module Stomping”

Discussion in 'malware problems & news' started by mood, Aug 16, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,667
    Hiding malicious code with “Module Stomping”
    August 15, 2019
    https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,317
    Location:
    The Netherlands
    Sounds a bit like an even more advanced version of process hollowing. But I do believe that a tool like HMPA checks for modification of legitimate modules inside the browser. If it finds any modification, it alerts about a possible browser infection by some banking trojan.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,821
    Location:
    U.S.A.
    AVs that employ advanced memory scanning should be able to detect this:
    Also:
    https://attack.mitre.org/techniques/T1055/
     
    Last edited: Aug 17, 2019
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,667
    Hiding malicious code with “Module Stomping”: Part 2
    August 30, 2019
    https://blog.f-secure.com/hiding-malicious-code-with-module-stomping-part-2/
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,667
    Hiding malicious code with “Module Stomping”: Part 3
    September 23, 2019
    https://blog.f-secure.com/cowspot-real-time-module-stomping-detection/
     