12 PROCESS INJECTION, MANIPULATION, AND HOOKING

To blend in with their target environment, modern evasive threats must remain hidden on the infected host. Two methods they use to do so are process injection and process image manipulation. Process injection involves injecting and executing nefarious code inside another process rather than executing it directly, while process image manipulation involves tampering with process images and abusing the way Windows handles processes. Malware can also use process injection techniques to inject hooks into a target process. Hooking allows the malware to intercept API function calls and monitor or ...
