enSilo’s security researchers have identified a code-injection technique they call “AtomBombing” that lets malicious code be injected into other, legitimate processes without being flagged by the antivirus and endpoint security products of the time (the technique was disclosed in October 2016).
Why AtomBombing goes undetected:
It relies only on genuine, documented Windows mechanisms. The atom tables it abuses are part of every version of Windows, so there is no vulnerability to patch, and the calls involved look like ordinary application behaviour rather than the classic injection pattern (WriteProcessMemory followed by CreateRemoteThread) that antivirus and endpoint security products watch for.
The name “AtomBombing” comes from the Windows atom tables, system-provided tables in which an application stores a string and receives a 16-bit integer (an atom) that refers to it. The global atom table is shared by all applications in the same session, so it can be used to pass data between processes.
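The following is an added example, not enSilo’s code, showing the sharing behaviour described above: one PowerShell process stores a string in the global atom table with GlobalAddAtom, and a second, unrelated process retrieves it knowing only the 16-bit atom index. AtomBombing uses the same two calls to plant its data inside a target process. The Demo.GlobalAtoms type name and the ‘hello-from-pid’ string are assumptions made for the demonstration.

```powershell
# Added example (not enSilo's code). Requires Windows; run from powershell.exe.
# Demonstrates that a string placed in the global atom table by one process is
# readable by another process in the same session.

$signature = @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern ushort GlobalAddAtom(string lpString);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GlobalGetAtomName(ushort nAtom, System.Text.StringBuilder lpBuffer, int nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern ushort GlobalDeleteAtom(ushort nAtom);
'@
# Only compile the P/Invoke wrapper once per session (re-running Add-Type for an existing type errors).
if (-not ('Demo.GlobalAtoms' -as [type])) {
    Add-Type -MemberDefinition $signature -Name 'GlobalAtoms' -Namespace 'Demo' | Out-Null
}
$Atoms = [Demo.GlobalAtoms]

# Writer side: store a constructed, harmless string. An atom name is limited to 255
# characters, which is why an injector has to split larger data into chunks.
$payload = 'hello-from-pid-' + $PID
$atom = $Atoms::GlobalAddAtom($payload)
if ($atom -eq 0) {
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "GlobalAddAtom failed: $([ComponentModel.Win32Exception]::new($err).Message)"
}
"Writer PID $PID stored '$payload' as atom 0x{0:X4}" -f $atom

# Reader side: a separate powershell.exe process that is given nothing but the
# atom index, and reads the string back from the shared table.
$readerScript = @"
`$sig = @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
public static extern uint GlobalGetAtomName(ushort nAtom, System.Text.StringBuilder lpBuffer, int nSize);
'@
Add-Type -MemberDefinition `$sig -Name 'GlobalAtomsReader' -Namespace 'Demo' | Out-Null
`$buf = New-Object System.Text.StringBuilder 256
`$n = [Demo.GlobalAtomsReader]::GlobalGetAtomName($atom, `$buf, `$buf.Capacity)
"Reader PID `$PID read atom 0x{0:X4} -> '{1}' ({2} chars)" -f $atom, `$buf.ToString(), `$n
"@
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($readerScript))
& powershell.exe -NoProfile -EncodedCommand $encoded

# Atoms are reference counted; release the reference this process added.
[void]$Atoms::GlobalDeleteAtom($atom)
```

The reader process never opens a handle to the writer and never touches the writer’s memory, which is the point: the data crosses the process boundary through a table the operating system maintains on both processes’ behalf, so there is no WriteProcessMemory call for an endpoint product to hook. The injection itself still needs a way to make the target call GlobalGetAtomName, which this example does not show.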
The researchers also showed that the legitimate program, now holding the malicious code, can be forced to execute it (enSilo achieves this by queuing an asynchronous procedure call to one of the target’s threads and using a return-oriented-programming chain to move the code into executable memory). Once running inside the target, the injected code bypasses process-level restrictions on data that only that particular process is meant to access: it can steal passwords that another application has encrypted so that only it can decrypt them, and it can capture screenshots of the user’s desktop even though the malware’s own process lacks the privilege to do so.