Mustang Panda APT Exploits Windows Utilities To Slip Through Security Nets

Researchers from Trend Micro’s Threat Hunting team have uncovered a new technique employed by the advanced persistent threat (APT) group dubbed Mustang Panda or Earth Preta.

The cyberespionage group has been abusing the Microsoft Application Virtualization Injector (MAVInject.exe), a legitimate Windows utility, to stealthily inject malicious payloads into waitfor.exe when it detects an ESET antivirus application running. This discovery is a sign of the group’s evolving tactics to bypass security defenses and maintain a foothold in compromised systems.
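The injection described above leaves a recognisable trace in process-creation telemetry: MAVInject.exe is launched with the PID of the target process on its command line. The following detector is an added example written for this page, not code from the article or from Trend Micro. It assumes the documented MAVInject.exe syntax (a target PID followed by the `/INJECTRUNNING` switch and a DLL path), which the article itself does not spell out, and the event records and file paths are constructed samples.

```python
"""Flag MAVInject.exe invocations from process-creation events and resolve the injection target.

The interesting signal is a living-off-the-land binary (MAVInject.exe) being pointed at another
process. When the resolved target is waitfor.exe, the pattern matches the Earth Preta tradecraft
described in the article and is scored high; any other target is still worth a look.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int        # process id assigned to the new process
    image: str      # basename of the executable
    cmdline: str    # full command line as logged


# Constructed sample events, modelled on Sysmon/EDR process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    ProcEvent(4120, "waitfor.exe", "waitfor.exe wait /t 3 signal"),
    ProcEvent(4188, "MAVInject.exe",
              r"C:\Windows\System32\MAVInject.exe 4120 /INJECTRUNNING C:\Users\Public\update.dll"),
    ProcEvent(5002, "notepad.exe", "notepad.exe readme.txt"),
    ProcEvent(5010, "MAVInject.exe", r"MAVInject.exe 5002 /INJECTRUNNING C:\Temp\x.dll"),
    ProcEvent(5020, "svchost.exe", "svchost.exe -k netsvcs"),
]


def find_mavinject_targets(events):
    """Return one finding per MAVInject.exe launch, with the target process resolved by PID."""
    # Build a PID -> image map from the same event stream so the target can be named.
    pid_to_image = {e.pid: e.image.lower() for e in events}
    findings = []
    for e in events:
        if e.image.lower() != "mavinject.exe":
            continue
        # Simple whitespace split; paths containing spaces would need quote-aware parsing.
        tokens = e.cmdline.split()
        # The documented syntax puts the target PID right after the executable.
        target_pid = next((int(t) for t in tokens[1:] if t.isdigit()), None)
        if target_pid is None:
            continue
        # The DLL path follows the /INJECTRUNNING switch when present.
        payload = None
        for i, t in enumerate(tokens):
            if t.upper() == "/INJECTRUNNING" and i + 1 < len(tokens):
                payload = tokens[i + 1]
        target_image = pid_to_image.get(target_pid, "<unknown>")
        severity = "high" if target_image == "waitfor.exe" else "medium"
        findings.append({
            "injector_pid": e.pid,
            "target_pid": target_pid,
            "target_image": target_image,
            "payload": payload,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in find_mavinject_targets(SAMPLE_EVENTS):
        print(f"[{f['severity']}] MAVInject.exe (pid {f['injector_pid']}) -> "
              f"{f['target_image']} (pid {f['target_pid']}), payload={f['payload']}")
```

Running it over the constructed events yields two findings: the launch targeting waitfor.exe is scored high, the one targeting notepad.exe medium. In production the PID map would come from the same EDR source as the MAVInject.exe event, and a parent-process check (the article's chain starts from a Setup Factory installer) would tighten the rule further.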

Sophisticated Evasion Tactics

Earth Preta’s latest campaign uses Setup Factory, an installer builder, to drop and execute malicious payloads while evading detection. The attack chain starts with the execution of…
