Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

Summary: The Mustang Panda threat actor has been observed using a legitimate, signed Windows utility, MAVInject.exe (the Microsoft Application Virtualization Injector), to inject its malware into a running process and so remain undetected while controlling infected systems. The infection chain begins with spear-phishing emails carrying a dropper executable that deploys both benign and malicious components; among them is a legitimate Electronic Arts (EA) application that is abused to run a modified TONESHELL backdoor for further control of the host and data exfiltration.

Affected: ESET antivirus users and organizations in Thailand

Key points:

  • Mustang Panda's malware falls back to MAVInject.exe for process injection specifically when it detects ESET antivirus running on the host, so the injection is performed by a trusted Windows binary rather than by the malware itself.
  • The attack starts with a dropper executable that delivers multiple payloads, including a decoy PDF shown to the victim as a distraction.
  • The malware contacts a remote command-and-control server for instructions, giving the operators ongoing control over compromised systems.
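The following detection example is added here and is not code from the article, from Trend Micro, or from the attackers' toolkit. It scans process-creation records for invocations of the injector using its documented syntax (mavinject.exe <PID> /INJECTRUNNING <DLL path>) and flags three things a defender would care about: the injector launched from a non-standard location (a renamed or copied binary, a generalization beyond what the article reports), an unexpected parent process, and an injected DLL loaded from outside trusted directories. The pipe-delimited Key=Value record format, all sample paths and process names, and the assumption that AppVClient.exe is the only parent expected to drive mavinject are constructed for the example and must be tuned to the estate.

```python
"""Flag suspicious MAVInject.exe /INJECTRUNNING process creations in process logs."""
import re
from pathlib import PureWindowsPath

# Constructed sample records (pipe-delimited Key=Value, loosely modelled on Sysmon
# Event ID 1 fields). Not real telemetry, and not indicators from the article.
SAMPLE_EVENTS = [
    # Benign-looking: App-V client injecting its own shim DLL. Treating
    # AppVClient.exe as the expected parent is an assumption to tune per estate.
    r"Image=C:\Windows\System32\MavInject32.exe"
    r"|ParentImage=C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe"
    r'|CommandLine=MavInject32.exe 4120 /INJECTRUNNING "C:\Program Files\Microsoft Application Virtualization\Client\AppVShNotify.dll"',
    # Suspicious: injector launched by an executable in a user-writable directory,
    # loading a DLL from the same place (constructed paths, not from the report).
    r"Image=C:\Windows\System32\MavInject32.exe"
    r"|ParentImage=C:\Users\Public\Documents\setup_update.exe"
    r"|CommandLine=MavInject32.exe 5588 /INJECTRUNNING C:\Users\Public\Documents\core.dll",
    # Suspicious: the injector copied and renamed; the /INJECTRUNNING switch gives it away.
    r"Image=C:\Users\Public\mv.exe"
    r"|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=mv.exe 1200 /INJECTRUNNING C:\Users\Public\helper.dll",
    # Unrelated process creation; must not alert.
    r"Image=C:\Windows\System32\notepad.exe"
    r"|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=notepad.exe C:\Users\alice\notes.txt",
]

INJECTOR_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TRUSTED_DLL_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
EXPECTED_PARENTS = {"appvclient.exe"}  # assumption: only the App-V client should drive mavinject

# mavinject.exe <PID> /INJECTRUNNING <DLL path>; the path may be quoted.
INJECT_RE = re.compile(r'\s(\d+)\s+/INJECTRUNNING\s+"?([^"]+?)"?\s*$', re.IGNORECASE)


def parse_event(line):
    """Split a pipe-delimited Key=Value record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def parse_injection(cmdline):
    """Return (target_pid, dll_path) if the command line is a /INJECTRUNNING call, else None."""
    m = INJECT_RE.search(cmdline)
    return (int(m.group(1)), m.group(2)) if m else None


def _under(path, roots):
    """True if path equals one of roots or sits beneath it (case-insensitive)."""
    p = path.lower()
    return any(p == r or p.startswith(r + "\\") for r in roots)


def analyze(fields):
    """Return a list of reasons the event is suspicious; an empty list means no alert."""
    inj = parse_injection(fields.get("CommandLine", ""))
    if inj is None:
        return []
    _pid, dll = inj
    image = fields.get("Image", "")
    parent = fields.get("ParentImage", "")
    reasons = []
    # Keying on the switch rather than the file name catches a renamed copy of the injector.
    if not _under(str(PureWindowsPath(image).parent), INJECTOR_DIRS):
        reasons.append(f"injector not running from System32/SysWOW64: {image}")
    if PureWindowsPath(parent).name.lower() not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process: {parent}")
    if not _under(dll, TRUSTED_DLL_ROOTS):
        reasons.append(f"injected DLL outside trusted directories: {dll}")
    return reasons


def scan(lines):
    """Return [(image, reasons)] for every record that produced at least one reason."""
    alerts = []
    for line in lines:
        fields = parse_event(line)
        reasons = analyze(fields)
        if reasons:
            alerts.append((fields.get("Image", ""), reasons))
    return alerts


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed records, the App-V style invocation produces no alert, the two abusive ones do, and the unrelated notepad launch is ignored. In production the same three checks would be expressed as a SIEM or EDR rule over real Sysmon or EDR process-creation telemetry; the parent allowlist is the part most likely to need adjustment, since any host that does not run App-V should see no legitimate mavinject activity at all.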

Source: https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html
