
Researchers Explore Remote Code Injection in macOS


Deep Instinct analysts tested three code injection methods and a custom-built Mach-O loader that loads malicious files from memory. Code injection can be implemented in several ways, but each runs malicious code inside a legitimate, unsuspecting system process: the malware writes code into a remote process's memory and then causes that process to execute it, even though it was never part of the process's original execution flow.

As part of his research, Deep Instinct researcher Weinberg tested three remote code injection methods and a new custom-built reflective Mach-O loader. Unlike code injection or function hooking, which operate on a process that already exists, the reflective loader lets an attacker load a Mach-O image directly from memory rather than from disk, so no file is written for disk-based scanning to inspect, which makes it more effective at bypassing defenses. The core of Weinberg's report digs into three sparsely documented techniques for injecting into and hooking functions in a remote process, together with the new loader designed by the Deep Instinct research team, to achieve code execution.
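Whether you are building a reflective loader or a memory scanner that looks for Mach-O images that never existed on disk, the first step is the same: walk the Mach-O header and its load commands from a byte buffer instead of a file. The C below is an added example written for this page, not Deep Instinct's loader or any code from the report. It declares the handful of Mach-O structures it needs inline (mirroring Apple's mach-o/loader.h layouts, so it also builds on non-Apple hosts), builds a constructed two-segment sample image in memory, and enumerates its segments with bounds checks on every attacker-controlled size field, since an in-memory image is exactly the kind of input a loader must not trust.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mach-O definitions mirroring Apple's <mach-o/loader.h>, declared here so the
 * example builds on non-Apple hosts too (assumption: the documented layouts). */
#define MH_MAGIC_64     0xfeedfacfu
#define MH_EXECUTE      0x2u
#define LC_SEGMENT_64   0x19u
#define CPU_TYPE_X86_64 0x01000007u

struct mach_header_64 {
    uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved;
};
struct load_command { uint32_t cmd, cmdsize; };
struct segment_command_64 {
    uint32_t cmd, cmdsize;
    char     segname[16];
    uint64_t vmaddr, vmsize, fileoff, filesize;
    int32_t  maxprot, initprot;
    uint32_t nsects, flags;
};

struct segment_info { char name[17]; uint64_t vmaddr, vmsize, fileoff, filesize; int32_t initprot; };

/* Walk the load commands of a Mach-O image that exists only as a byte buffer.
 * Every size comes from untrusted bytes, so each step is bounds-checked.
 * Returns the number of LC_SEGMENT_64 commands, or -1 if the image is malformed. */
int walk_segments(const uint8_t *img, size_t len, struct segment_info *out, int max_out)
{
    struct mach_header_64 hdr;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, img, sizeof hdr);                   /* memcpy: buffer may be unaligned */
    if (hdr.magic != MH_MAGIC_64) return -1;
    if (hdr.sizeofcmds > len - sizeof hdr) return -1; /* load commands run past the buffer */
    size_t off = sizeof hdr, end = sizeof hdr + hdr.sizeofcmds;
    int n = 0;
    for (uint32_t i = 0; i < hdr.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, img + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1; /* zero or oversized cmd */
        if (lc.cmd == LC_SEGMENT_64) {
            struct segment_command_64 sc;
            if (lc.cmdsize < sizeof sc) return -1;
            memcpy(&sc, img + off, sizeof sc);
            /* file-backed bytes must lie inside the buffer and fit their mapping */
            if (sc.filesize > len || sc.fileoff > len - sc.filesize) return -1;
            if (sc.filesize > sc.vmsize) return -1;
            if (n < max_out) {
                memcpy(out[n].name, sc.segname, 16); out[n].name[16] = '\0';
                out[n].vmaddr = sc.vmaddr;   out[n].vmsize = sc.vmsize;
                out[n].fileoff = sc.fileoff; out[n].filesize = sc.filesize;
                out[n].initprot = sc.initprot;
            }
            n++;
        }
        off += lc.cmdsize;
    }
    return n;
}

/* Constructed sample image (test data, not a real binary): header + __TEXT + __DATA,
 * with no machine code. Returns the image length, or 0 if the buffer is too small. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    struct segment_command_64 segs[2] = {
        { LC_SEGMENT_64, sizeof(struct segment_command_64), "__TEXT", 0x100000000ULL, 0x1000, 0x000, 0x200, 5, 5, 0, 0 },
        { LC_SEGMENT_64, sizeof(struct segment_command_64), "__DATA", 0x100001000ULL, 0x1000, 0x200, 0x040, 3, 3, 0, 0 },
    };
    struct mach_header_64 hdr = { MH_MAGIC_64, CPU_TYPE_X86_64, 3, MH_EXECUTE, 2, (uint32_t)sizeof segs, 0, 0 };
    size_t len = 0x240;                              /* covers both segments' file-backed bytes */
    if (cap < len) return 0;
    memset(buf, 0, len);
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, segs, sizeof segs);
    return len;
}

int main(void)
{
    uint8_t img[0x400];
    struct segment_info segs[8];
    size_t len = build_sample_image(img, sizeof img);
    int n = walk_segments(img, len, segs, 8);
    printf("segments: %d\n", n);
    for (int i = 0; i < n && i < 8; i++)
        printf("  %-8s vmaddr=0x%llx vmsize=0x%llx fileoff=0x%llx filesize=0x%llx initprot=%d\n",
               segs[i].name, (unsigned long long)segs[i].vmaddr, (unsigned long long)segs[i].vmsize,
               (unsigned long long)segs[i].fileoff, (unsigned long long)segs[i].filesize, segs[i].initprot);
    /* A truncated buffer must be rejected rather than read past its end. */
    printf("truncated image -> %d\n", walk_segments(img, 40, segs, 8));
    return 0;
}
```

The segment list is what a reflective loader would go on to map at the recorded vmaddr offsets with the recorded initprot, and also what a detector scanning a process's anonymous memory regions would compare against the images dyld knows about; neither of those steps is shown here, and on macOS they need the Mach VM and dyld APIs rather than anything portable.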
