The dropper creates two in-memory executables: /memfd:tgt, a harmless cron binary, and /memfd:wpn, a rootkit loader. The loader evaluates the environment, executes additional payloads,…
Tag: rootkit
Vulnerability exploits the difference between DOS and NT paths
When someone is asked to type the path to a file on a Windows system,…
“Microsoft hasn’t given up on securing the admin-to-kernel boundary, though,” researchers from Avast explain. “Quite the opposite. It has made a great deal of…
Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years
A sophisticated rootkit that’s able to insert itself into the lowest levels of Windows computers — the motherboard firmware — has been making victims…