'Waterbear' Employs API Hooking to Hide Malicious Behavior

Discussion in 'malware problems & news' started by mood, Dec 13, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    24,063
    'Waterbear' Employs API Hooking to Hide Malicious Behavior
    December 13, 2019
    https://www.securityweek.com/waterbear-employs-api-hooking-hide-malicious-behavior
    Trend Micro: Waterbear is Back, Uses API Hooking to Evade Security Product Detection
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,397
    Location:
    The Netherlands
    But isn't it true that in order to use API hooking, you first need to perform code injection? So if security tools can block this, they can also stop the API hooking part. Or better yet, Windows should make it harder to perform API hooking; only "trusted" security tools should be able to do this. Similar to how they protected the kernel with PatchGuard.
     