Ensilo’s security researchers have identified a unique method called “AtomBombing” that allows malicious code to be injected into multiple processes without being detected by any antivirus software or endpoint security system.
The reason AtomBombing remains undetected:
It is based on a genuine, legitimate mechanism. Atom tables are currently part of all versions of the Windows OS, and hence the technique goes undetected by antivirus and endpoint security systems.
The name “AtomBombing” comes from the technique's dependence on the Windows atom table mechanism. Atom tables are specially designed tables provided by the OS that applications can use to share data with one another.
The researchers also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code. Moreover, the code injection can help attackers bypass restrictions that limit certain data to particular processes. This includes stealing encrypted passwords used by another application, or capturing screenshots of the user’s desktop even though the malware process doesn’t have the necessary privilege.