Researchers at enSilo have identified a new method that can be used by hackers to execute a piece of malware on any supported version of Windows without being detected by security products.
The new technique, dubbed “Process Doppelgänging,” is similar to process hollowing, a code injection method that involves spawning a new instance of a legitimate process and replacing the legitimate code with malicious one. This technique has been used by threat actors for several years and security products are capable of detecting it.
Leave a reply
