Chinese hackers abuse Microsoft APP-v tool to evade antivirus

Summary: The Chinese APT group “Mustang Panda” is abusing MAVInject.exe, the Microsoft Application Virtualization (App-V) Injector, a Microsoft-signed binary that ships with Windows, to inject malware into a legitimate Windows process and so evade antivirus detection. Trend Micro has tracked over 200 victims since 2022, primarily government organizations in the Asia-Pacific region, compromised through spear-phishing emails. Because the injector is a trusted operating-system component rather than attacker-written code, the technique is a living-off-the-land approach: the suspicious behaviour is the unusual use of a legitimate tool, not a malicious file, which is what makes it hard for signature-based defences to catch.

Affected: Government entities and organizations in the Asia-Pacific region

Key points:

  • Mustang Panda uses MAVInject.exe, a signed Microsoft binary, to inject its malicious payload into waitfor.exe, a legitimate Windows process, so that the malware runs under a trusted process name and evades antivirus detection.
  • The attack chain begins with spear-phishing emails carrying malicious attachments that install a backdoor on the victim’s machine.
  • The injected malware gives the attackers remote access and command execution, including system information retrieval and a reverse shell.
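
The point a defender should take from the first key point is that the injector itself is benign and will not be flagged; what can be detected is the combination of MAVInject.exe being launched, with its documented `<pid> /INJECTRUNNING <dll>` syntax, from an unexpected parent, against a throwaway host process such as waitfor.exe, or with a DLL in a user-writable directory. The following is an added example, not code from the BleepingComputer article or the Trend Micro report, showing that detection logic over process-creation records. The records are constructed in the shape of Sysmon Event ID 1 (PID, image, parent image, command line); every PID, path and file name in them is made up, and the assumption that AppVClient.exe is the only expected parent of MAVInject.exe is mine.

```python
import re
from typing import Any, Dict, List

# Constructed sample process-creation records (Sysmon Event ID 1 style).
# All PIDs, paths and file names are invented for this example.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"pid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "cmd.exe"},
    # Stage 1: the dropper spawns a long-lived, harmless-looking host process.
    {"pid": 4188, "image": r"C:\Windows\System32\waitfor.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\loader.exe",
     "command_line": "waitfor.exe /t 86400 nevercomes"},
    # Stage 2: the dropper uses the signed App-V injector to load its DLL into that PID.
    {"pid": 4201, "image": r"C:\Windows\System32\mavinject.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\loader.exe",
     "command_line": r"mavinject.exe 4188 /INJECTRUNNING C:\Users\victim\AppData\Local\Temp\payload.dll"},
    # A MAVInject launch by the App-V client itself: expected parent, DLL under Program Files.
    {"pid": 5322, "image": r"C:\Windows\System32\mavinject.exe",
     "parent_image": r"C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe",
     "command_line": r"mavinject.exe 5310 /INJECTRUNNING C:\Program Files\Microsoft Application Virtualization\Client\subsystem.dll"},
]

# MAVInject's injection syntax: mavinject.exe <target pid> /INJECTRUNNING <dll path>
INJECT_RE = re.compile(r"(?i)\bmavinject\.exe\b.*?\s(\d+)\s+/INJECTRUNNING\s+(.+?)\s*$")

# Directories an unprivileged user can write to; a DLL here is far more suspicious
# than one under Program Files or System32.
USER_WRITABLE_RE = re.compile(r"(?i)\\(?:Users\\[^\\]+\\AppData|Users\\Public|Windows\\Temp)\\")

# Assumption: the App-V client is the only parent from which MAVInject is expected.
EXPECTED_PARENTS = {"appvclient.exe"}

# Host processes that do nothing useful on their own and are therefore attractive injection targets.
THROWAWAY_HOSTS = {"waitfor.exe"}


def image_name(path: str) -> str:
    """Return the lower-cased file name of an image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_mavinject_abuse(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag MAVInject.exe launches that use /INJECTRUNNING and score them.

    Any use of the injector is reported (it is rare outside App-V deployments);
    severity is raised to 'high' when the target, the parent, or the DLL
    location does not look like legitimate App-V activity.
    """
    # Resolve target PIDs to image names from the same batch of events. In real
    # telemetry, correlate by time as well, since PIDs are reused.
    pid_to_image = {e["pid"]: image_name(e["image"]) for e in events}

    alerts = []
    for e in events:
        if image_name(e["image"]) != "mavinject.exe":
            continue
        match = INJECT_RE.search(e["command_line"])
        if not match:
            continue

        target_pid = int(match.group(1))
        dll_path = match.group(2)
        target_image = pid_to_image.get(target_pid, "<unknown>")
        parent = image_name(e["parent_image"])

        reasons = []
        if target_image in THROWAWAY_HOSTS:
            reasons.append(f"injection target {target_image} is a throwaway host process")
        if parent not in EXPECTED_PARENTS:
            reasons.append(f"unexpected parent process {parent}")
        if USER_WRITABLE_RE.search(dll_path):
            reasons.append("injected DLL lives in a user-writable directory")

        alerts.append({
            "pid": e["pid"],
            "parent": parent,
            "target_pid": target_pid,
            "target_image": target_image,
            "dll": dll_path,
            "severity": "high" if reasons else "info",
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_mavinject_abuse(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["parent"], "->", alert["target_image"], alert["reasons"])
```

Run against the constructed records, the loader's injection into waitfor.exe scores high on all three criteria, while the App-V client's own launch is logged at informational level only. The same three checks translate directly into a process-creation rule for whatever EDR or SIEM is in use; the parent allow-list is the part to tune per environment, since the correct value is "whatever legitimately runs App-V here", and in an estate with no App-V deployment any launch of MAVInject.exe with /INJECTRUNNING deserves a look.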

Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-microsoft-app-v-tool-to-evade-antivirus/