PROPagate Code Seen in the Wild

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last , it was first seen in malware:

This technique abuses the SetWindowsSubclass function — a process used to install or update subclass windows running on the system — and can be used to modify the properties of windows running in the same session. This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy .

It’s likely that the attackers have observed publically available posts on PROPagate in order to recreate the technique for their own malicious ends.

Posted on July 9, 2018 at 6:13 AM

0 Comments



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here