Jump to content

Search the Community

Showing results for tags 'antivirus'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • General
    • General Discussion
    • Artificial Intelligence
    • DevOpsForum News
  • DevOps & SRE
    • DevOps & SRE General Discussion
    • Databases, Data Engineering & Data Science
    • Development & Programming
    • CI/CD, GitOps, Orchestration & Scheduling
    • Docker, Containers, Microservices, Serverless & Virtualization
    • Infrastructure-as-Code
    • Kubernetes & Container Orchestration
    • Linux
    • Logging, Monitoring & Observability
    • Security, Governance, Risk & Compliance
  • Cloud Providers
    • Amazon Web Services
    • Google Cloud Platform
    • Microsoft Azure

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

LinkedIn Profile URL

About Me

Cloud Platforms

Cloud Experience

Development Experience

Current Role

Skills

Certifications

Favourite Tools

Interests

Found 1 result

  1. TechRadar
    Cybersecurity researchers from Trend Micro have uncovered a brand new piece of malware that uses an unusual method of hiding from antivirus programs. The malware is called UNAPIMON, and is apparently being used by Winnti, an established Chinese state-sponsored threat actor that was behind some of the most devastating attacks against governments, hardware and software vendors, think tanks, and more. According to Trend Micro, many malware variants are using a method known as API hooking to eavesdrop on calls, grab sensitive data, and tweak different software. Therefore, many security tools also use API hooking to track the malware. Simplicity and originality "With UNAPIMON, things are different. It uses Microsoft Detours for hooking the CreateProcessW API function, which allows it to unhook critical API functions in child processes. As a result, it successfully evades antivirus detection. A unique and notable feature of this malware is its simplicity and originality," Trend Micro said in its report. "Its use of existing technologies, such as Microsoft Detours, shows that any simple and off-the-shelf library can be used maliciously if used creatively. This also displayed the coding prowess and creativity of the malware writer." "In typical scenarios, it is the malware that does the hooking. However, it is the opposite in this case." Using Microsoft Detours in this regard has other benefits, too, the researchers explained. As this is a legitimate debugging tool, it even evades behavioral detection. In its writeup, BleepingComputer described Winnti hackers as “known for their novel methods of evading detection when conducting attacks.” Back in 2020, the group was spotted abusing Windows print processors to hide a piece of malware and persist on the target network. Two years later, they broke a Cobalt Strike beacon into more than a hundred pieces, and only reconstructed it when they needed to use it. More from TechRadar Pro Linux version of Winnti malware foundHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

  • Forum Statistics

    43.4k
    Total Topics
    42.8k
    Total Posts
×
×
  • Create New...