CyberSecurity updates
Updated: 2024-11-24 21:02:30 Pacific

cybergeeks.tech
Call Stack Spoofing Technique Used by APT41: Obfuscating Malicious Activity - 6d

APT41 has been observed using call stack spoofing to evade detection by EDR and other security software. Call stack spoofing involves constructing a fake call stack that mimics a legitimate one, obscuring the true origin of function calls and hindering analysis. The technique was observed in the Dodgebox malware, which APT41 used to deceive antivirus and EDR products that rely on call stack analysis for detection. The malware retrieves the addresses of functions such as NtCreateFile and manipulates the call stack to hide where the call actually originated. This highlights the evolving tactics of sophisticated threat actors and emphasizes the need for detection and mitigation strategies that do not depend solely on the integrity of the observed call stack.

MalBot @ Malware Analysis, News and Indicators
Call Stack Spoofing: New Technique Used by APT41 to Bypass Security - 6d

APT41 has adopted a technique called call stack spoofing to evade detection by EDR software. The technique involves constructing a fake call stack that mimics a legitimate one, hiding malicious activity from security software. The fake call stack is built through a combination of specific instructions and data manipulation, allowing APT41 to execute malicious code without triggering alerts.

This site is an experimental news aggregator using feeds I personally follow. You can reach me on Bluesky if you have feedback or comments.