AtomBombing; An Injection Code that Infects Multiple Processes in Windows

October 30th, 2016 | Waqas | Security, Malware, Microsoft, Technology News
Security researchers have discovered AtomBombing, a code-injection technique that infects multiple processes in Windows and leads to malware installation.

Ensilo’s security researchers have identified a unique method that allows malicious code to be injected into multiple processes without being detected by any endpoint security system or antivirus software. The method has been labeled AtomBombing.

It is so named because it depends on the Windows atom table mechanism: specially designed tables provided by the operating system that applications can use to share data with one another.

According to Tai Liberman, a researcher at Ensilo, the team at the firm has discovered that “a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table.”

In a blog post, the Ensilo researcher wrote that “we also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.”

The reason this code-injection technique remains undetected by antivirus and endpoint security systems is that it is based on a genuine, legitimate mechanism, and atom tables are currently part of all versions of the Windows OS. It is therefore too difficult to release a patch, considering that the technique does not indicate any vulnerability.

Malware uses code injection for numerous reasons. Banking Trojans, for example, can inject code into browser processes to observe and change locally visited websites while the user is on a banking website. This lets hackers steal login credentials as well as payment card information. They can also redirect any transaction to their own account.

Moreover, malicious code injection can help attackers bypass restrictions that allow certain data to be accessed only by particular processes. For example, it can help steal encrypted passwords used by another application, or capture screenshots of the user’s desktop even though the malware process does not have the necessary privilege.

Liberman also wrote that “being a new code injection technique, AtomBombing bypasses [antivirus] and other endpoint infiltration prevention solutions.”

Bitdefender’s senior threat analyst Liviu Arsene stated that even if the attack does not target any software weakness, security vendors can detect and delete or block the malicious payload. If the payload still gets executed and attempts to inject the malicious code into an authentic application, it would be possible to detect and block it, because security vendors usually monitor processes and services across their execution lifespan.

Microsoft has urged its customers to observe safe and responsible computing practices in order to avoid malware infection through AtomBombing. These practices include not clicking on unreliable links to web pages, not downloading or opening suspicious files or documents sent from unknown sources, and being cautious when accepting file transfers.
