
PROPagate – a new code injection trick - sjreese
http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/
======
sjreese
PROPagate Code Injection Seen in the Wild

Last year, researchers wrote about a new Windows code injection technique
called PROPagate. Last week, it was first seen in malware:

This technique abuses the SetWindowsSubclass function -- a process used to
install or update subclass windows running on the system -- and can be used to
modify the properties of windows running in the same session. This can be used
to inject code and drop files while also hiding the fact it has happened,
making it a useful, stealthy attack.

It's likely that the attackers have observed publicly available posts on
PROPagate in order to recreate the technique for their own malicious ends.

