Skrull: run malware on the victim using the Process Ghosting technique

From securityonline.info

There is a well-known feature by which anti-virus or EDR can capture ambiguous or suspicious program files and send them back to security response center for researcher analysis. For malware designers, playing cat and mouse with security solutions in the post exploitation stage while hiding their backdoors from malware detection and forensics is a crucial mental challenge.

Many methods used in the wild by hackers against researchers have already been discussed, for example using a COM hijack to obscure their malware, deploying a kernel hook-based rootkit, bypassing signature-based scanning, and others besides. There’s still no method robust enough to counter these techniques, as researchers often cannot totally understand how the malware works internally even if it’s caught and analyzed.

Read more…