From thehackernews.com
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed “Process Ghosting” that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system.
“With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk,” Elastic Security researcher Gabriel Landau said. “This technique does not involve code injection, Process Hollowing, or Transactional NTFS (TxF).”