First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

By Mohit Kumar

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.

The Process Doppelgänging attack takes advantage of a built-in Windows function, NTFS Transactions, and an outdated implementation of the Windows process loader, and works on all modern versions of Microsoft Windows OS.
