Case of Injection Attack Using Legitimate MS Utility mavinject.exe
1. Overview Mavinject.exe is a legitimate utility provided by Microsoft. It is used to inject DLLs into specific processes in an Application Virtualization (App-V) environment. It has been included in the operating system by default since Windows 10 version 1607, and it is a trusted executable file signed by Microsoft.
Kimsuky Group Uses ADS to Conceal Malware
AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Stream (ADS) to hide their malware. This malware is an Infostealer that collects data by starting the VBScript included inside an HTML file. It can be characterized by its tendency to add the actual
