China-Linked Threat Actor Taps ‘Peculiar’ Malware to Evade Detection

April 2, 2024 at 07:08PM
UNAPIMON meticulously disables hooks in Windows APIs to prevent the detection of malicious processes. UNAPIMON operates by systematically disabling hooks in the Windows APIs that security tools use to identify potentially harmful processes. This implies that UNAPIMON is designed to disrupt traditional methods …

Winnti’s new UNAPIMON tool hides malware from security software

April 2, 2024 at 06:01PM
The Chinese ‘Winnti’ hacking group used a new malware, UNAPIMON, to run malicious processes undetected. This group, active since 2012, targets various organizations and was linked to a cyberespionage attack named ‘Earth Freybug.’ UNAPIMON uses DLL side-loading and unhooking of API functions to evade detection, showcasing innovative and sophisticated tactics by …

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 2, 2024 at 01:54AM
Summary: Earth Freybug actors are using a new malware called UNAPIMON, which relies on dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to avoid being monitored. The malware prevents child processes from being monitored, enabling malicious activity to go undetected. Security measures such as restricting admin privileges and frequent password …