Attackers can conceal their efforts to execute malicious code by embedding commands into the machine code that software interpreters for many programming languages, such as VBScript and Python, store in memory. A group of Japanese researchers will demonstrate the technique at next week’s Black Hat USA conference.
Interpreters convert human-readable software code into bytecode: detailed programming instructions that the underlying virtual machine can understand. The research team managed to insert malicious instructions into the bytecode held in memory before execution. Since most security software does not scan bytecode, their changes went undetected.
This method could enable attackers to hide their malicious activities from most endpoint security software. Researchers from NTT Security Holdings Corp. and the University of Tokyo will showcase this capability using the VBScript interpreter, says Toshinori Usui, a research scientist at NTT Security. The researchers have confirmed that the technique also works for inserting malicious code into the in-memory processes of both the Python and Lua interpreters.
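As an added illustration (not code from the article or from the researchers), the Python sketch below baselines the bytecode the interpreter holds for selected functions and reports any function whose in-memory code object later differs. The function names are hypothetical, the change is simulated through Python's own `__code__` attribute rather than a write from another process, and a check that runs inside the interpreter shares that process's memory, so it is a teaching aid rather than a tamper-proof control.

```python
import hashlib
import types

def code_digest(code):
    """SHA-256 over a code object's bytecode, names and constants (recursive)."""
    h = hashlib.sha256()
    h.update(code.co_code)
    h.update(repr(code.co_names).encode())
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            # Nested functions, lambdas and comprehensions carry their own bytecode.
            h.update(code_digest(const).encode())
        else:
            h.update(repr(const).encode())
    return h.hexdigest()

def snapshot(funcs):
    """Map each function name to the digest of its current code object."""
    return {name: code_digest(fn.__code__) for name, fn in funcs.items()}

def changed(funcs, baseline):
    """Names whose in-memory bytecode no longer matches the baseline."""
    current = snapshot(funcs)
    return sorted(n for n in baseline if current.get(n) != baseline[n])

# Constructed sample functions standing in for application code (hypothetical names).
def check_token(token):
    return token == "expected-value"

def always_true(token):
    return True

def demo():
    """Return (changed names before, changed names after) a simulated change."""
    funcs = {"check_token": check_token}
    baseline = snapshot(funcs)
    clean = changed(funcs, baseline)
    original = check_token.__code__
    # Stand-in for an in-memory modification of the function's bytecode.
    check_token.__code__ = always_true.__code__
    try:
        tampered = changed(funcs, baseline)
    finally:
        check_token.__code__ = original  # restore the original code object
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The source text of `check_token` never changes during the run; only the code object in memory does, which is why a check limited to files on disk would see nothing.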
“Malware often hides its behavior by injecting malicious code into benign processes, but existing injection-type attacks have characteristic behaviors … which are easily detected by security products,” Usui says. “The interpreter does not care about overwriting by a remote process, so we can easily re
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents