What new technique does the Osiris banking Trojan use?

A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.

A new form of the Kronos banking Trojan called Osiris was recently discovered using an advanced evasion technique known as process impersonation. How does Osiris use process impersonation and what threats does it pose?

Endpoint security tools, such as antimalware and endpoint detection and response tools, have made significant progress in detecting advanced attack techniques. These tools can detect many different attacks, like malicious PowerShell scripts and other potentially malicious actions.

The newly uncovered Osiris banking Trojan, which appears to be an update to the Kronos banking Trojan, adds a new capability, process impersonation, that may not be detected by all endpoint security tools.

Process impersonation occurs when malware tries to look like a legitimate executable on an endpoint, either by using the same name as a legitimate process when it runs or by using dynamic-link library (DLL) injection to inject malicious code into a running process. To use process impersonation, the malware must execute its code on the endpoint.

Adding process impersonation to existing malware can make it more difficult for endpoint security tools to identify the malware and stop the attack. It also makes investigating an incident significantly more difficult if the system doesn't have sufficient logging.

If your endpoint security tools don't have the capability to log process impersonation, process hollowing or process doppelgänging, then you may want to inquire with your vendor about when the functionality is going to be added or start looking for a new endpoint security tool.
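
For the same-name form of process impersonation described above, the following added example (not from the article or any vendor's product) flags process-creation events in which a well-known Windows process name runs from an unexpected directory or under an unexpected parent. The event field names, the sample events and the baseline table are constructed assumptions. The DLL injection form leaves the name and path legitimate, so this check does not cover it.

```python
import ntpath  # parses Windows-style paths on any OS

# Assumed baseline (tune to your fleet): where a few Windows system processes
# normally live and which parent normally starts them.
BASELINE = {
    "svchost.exe": {"dirs": {r"c:\windows\system32", r"c:\windows\syswow64"},
                    "parents": {"services.exe"}},
    "lsass.exe": {"dirs": {r"c:\windows\system32"}, "parents": {"wininit.exe"}},
    "services.exe": {"dirs": {r"c:\windows\system32"}, "parents": {"wininit.exe"}},
}

# Constructed process-creation events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 5008, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Program Files\Example\updater.exe"},
    {"pid": 6020, "image": r"C:\Program Files\Example\updater.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def check_event(event):
    """Return the reasons an event looks like name impersonation, if any."""
    image = event["image"].lower()  # Windows paths are case-insensitive
    expected = BASELINE.get(ntpath.basename(image))
    if expected is None:
        return []  # name is not one we baseline
    reasons = []
    if ntpath.dirname(image) not in expected["dirs"]:
        reasons.append("unexpected path")
    if ntpath.basename(event["parent"].lower()) not in expected["parents"]:
        reasons.append("unexpected parent")
    return reasons

def triage(events):
    """Map pid -> reasons for every event that deviates from the baseline."""
    flagged = {}
    for event in events:
        reasons = check_event(event)
        if reasons:
            flagged[event["pid"]] = reasons
    return flagged

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(reasons))
```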

This was last published in February 2019