Hackers Use New Malware Technique to Evade Detection Systems
- Earth Freybug is a cyberthreat group active since 2012 that conducts espionage and financial crimes using a variety of tools and techniques.
- The group recently used a new malware called UNAPIMON, which relies on DLL hijacking and API unhooking to prevent monitoring of the child processes it spawns.
- UNAPIMON removes the hooks that monitoring software places on critical APIs inside those child processes, so the malware's activity runs without being observed by hook-based detection.
- The attack shows Earth Freybug creatively repurposing simple, existing technologies such as Microsoft Detours for malicious ends.
- Even where attackers obtain admin access, such attacks can be prevented by limiting privileges, rotating passwords frequently, and logging activity.