Windows CLI Apps Vulnerable to New Ctrl-Inject Process Injection Attack

Discussion in '0-day Release' started by silversurfer, May 9, 2018.

  1. silversurfer


    Rotem Kerner, a security researcher with enSilo, has discovered a new process injection technique that can be abused by malicious actors to hide malware inside Windows-based CLI applications.

    The technique, named Ctrl-Inject, abuses the Windows "CtrlRoutine" function, used by command-line applications to assure keyboard-based interfacing between the user and the app.

    In a technical write-up published yesterday, Kerner described a way that a malicious actor could abuse this function to spawn malicious threads inside a legitimate CLI app's process and run malicious code.

    Full Article: