News — Using legitimate tools to hide malicious code
By Anatoly Kazantsev

The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe. But some samples employ other interesting methods. We’re going to discuss one such type of malware. Our eye was caught by various samples for .NET that use the trusted application InstallUtil.exe from the Microsoft .NET Framework (information from Microsoft’s website: “The Installer...