Variant of SynAck Malware Adopts Doppelgänging Technique

May 8, 2018

Researchers have identified a new variant of the SynAck ransomware that uses the newly identified Process Doppelgänging technique to slip past antivirus programs. The researchers said this is the first ransomware seen in the wild to employ the approach.

Both SynAck ransomware and Process Doppelgänging are relatively new. The latter was discovered by enSilo researchers, who presented their research at the London Black Hat 2017 security conference in December. The technique is similar to the hacker method known as Process Hollowing, in which adversaries replace the memory of a legitimate process with malicious code, thereby evading antivirus process-monitoring tools.

Read More on Threat Post