AtomBombing – A New Code Injection Technique That Can Affect Multiple Processes in Windows

enSilo’s security researchers have identified a unique method called “AtomBombing” that allows malicious code to be injected into multiple processes without being detected by any antivirus software or endpoint security system.

Why AtomBombing remains undetected:

It is based on a genuine, legitimate mechanism. Atom tables are currently part of all versions of the Windows OS, so their use is not detected by antivirus and endpoint security systems.

The name “AtomBombing” comes from the technique's dependence on the Windows atom table mechanism. Atom tables are specially designed tables provided by the OS that can be used to share data between applications.

The researchers also found that the legitimate program, once it contains the malicious code, can be manipulated into executing that code. Moreover, the code injection can help attackers bypass restrictions that allow only particular processes to access certain data. This includes stealing encrypted passwords used by another application, or capturing screenshots of the user’s desktop even though the malware process does not have the necessary privilege.


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
