PROPagate Code Injection Technique Detected in the Wild for the First Time

Discussion in '0-day Release' started by silversurfer, Jun 29, 2018.

  1. silversurfer

    Security firm FireEye has detected that malware authors have deployed the PROPagate code injection technique for the first time inside a live malware distribution campaign.

    PROPagate is a relatively new code injection technique discovered last November. Back then, a security researcher found that an attacker could abuse the SetWindowSubclass API, a function of the Windows operating system that manages GUIs, to load and execute malicious code inside the processes of legitimate apps.

    The infosec research community deemed the technique innovative, similar in creativity to the AtomBombing technique, albeit both different in their own right.

    But while it took malware authors four months to weaponize AtomBombing and use it in active malware campaigns, PROPagate proved to be a little harder to integrate, as its first appearance came in double the time.

    In a report published yesterday, FireEye, a leading cyber-security firm, discovered one malware campaign using the PROPagate technique to inject malware into legitimate processes.

    Full Article: https://www.bleepingcomputer.com/ne...ique-detected-in-the-wild-for-the-first-time/