Chinese Hackers Exploit Windows Tool MAVInject.exe for Cyberespionage

Chinese hackers are leveraging a built-in Windows tool, MAVInject.exe, to inject malicious code into legitimate processes, bypassing security measures. This technique allows them to conduct silent cyberespionage, steal data, and compromise networks without detection. Here’s how to protect your system:

Steps to Mitigate the Threat:

  1. Disable MAVInject.exe: If this tool is not required for your operations, disable it to reduce the attack surface.
     – Command to disable (note: sc config only acts on a registered service, so this works only where MAVInject is installed as one; otherwise use the AppLocker or WDAC deny rule under "You Should Know" below):

     sc config MAVInject start= disabled

  2. Monitor Process Injections: Use tools like Sysinternals Process Monitor to track unusual process injections.
     – Command to start Process Monitor:

     procmon.exe

  3. Endpoint Detection and Response (EDR): Deploy EDR solutions to flag suspicious behavior.
     – Example: Use Microsoft Defender for Endpoint to monitor and respond to threats.

  4. Apply Security Patches: Regularly update your systems to patch vulnerabilities.
     – Command to check for updates on Windows:

     wuauclt /detectnow

You Should Know:

  • MAVInject.exe: This legitimate Windows tool is being abused by hackers. It is part of the Microsoft Antivirus Injector and is used for dynamic-link library (DLL) injection.
  • Detecting Malicious Activity: Use PowerShell to scan for suspicious processes (this only catches an instance that is running at the moment you run it; for a persistent record, rely on the process monitoring in step 2):
    Get-Process | Where-Object { $_.ProcessName -like "MAVInject*" }

  • Blocking Unauthorized Executables: Use AppLocker or Windows Defender Application Control to restrict unauthorized executables.
  • Example AppLocker rule (New-AppLockerPolicy builds rules from Get-AppLockerFileInformation output rather than from a -Path/-Action pair, and the result is merged into the local policy with Set-AppLockerPolicy; "C:\Path\To\MAVInject.exe" is a placeholder for the real location on your system):
    Get-AppLockerFileInformation -Path "C:\Path\To\MAVInject.exe" |
      New-AppLockerPolicy -RuleType Path -User Everyone -Deny -RuleNamePrefix DenyMAVInject |
      Set-AppLockerPolicy -Merge

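As an added example that is not part of the original post, the following PowerShell script hunts Sysmon process-creation events (Event ID 1 in the Microsoft-Windows-Sysmon/Operational log) for launches of MAVInject.exe and reports the launching user, command line and parent process, which is the record a point-in-time Get-Process check cannot give once the process has exited. It assumes Sysmon is installed with process-creation logging enabled; the 24-hour window, the image-name pattern and the CSV output path are choices made for this example.

```powershell
# Added example (not from the original post). Assumes Sysmon is installed and
# logging process creation (Event ID 1) to Microsoft-Windows-Sysmon/Operational.
$since  = (Get-Date).AddHours(-24)   # arbitrary lookback window for this example
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = $since
} -ErrorAction SilentlyContinue      # no events in the window is not an error

$hits = foreach ($e in $events) {
    # Sysmon stores its fields as <Data Name="..."> nodes; flatten them to a hashtable
    $xml = [xml]$e.ToXml()
    $d   = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Match any image whose file name starts with "mavinject" (case-insensitive)
    if ($d['Image'] -match '\\mavinject[^\\]*\.exe$') {
        [pscustomobject]@{
            Time        = $e.TimeCreated
            User        = $d['User']
            Image       = $d['Image']
            CommandLine = $d['CommandLine']
            ParentImage = $d['ParentImage']
            ParentCmd   = $d['ParentCommandLine']
        }
    }
}

if ($hits) {
    $hits | Sort-Object Time | Format-Table -AutoSize
    # Keep a copy for triage; the path is an arbitrary choice for this example
    $hits | Export-Csv -Path "$env:TEMP\mavinject-hits.csv" -NoTypeInformation
} else {
    "No MAVInject launches found in the Sysmon log since $since"
}
```

Each hit should be triaged against the parent process and command line, since the parent that spawned the injector is what distinguishes expected use from abuse.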

What Undercode Says:

The exploitation of MAVInject.exe highlights the importance of proactive cybersecurity measures. Disabling unnecessary tools, monitoring processes, and deploying advanced endpoint protection are critical steps to safeguard your systems. Regularly updating and patching your systems, combined with continuous monitoring, can significantly reduce the risk of such attacks. Stay vigilant and ensure your defenses evolve alongside emerging threats.

Additional Resources:

Relevant Commands:

  • Check running processes:
    tasklist
    
  • Stop a service (only applicable where MAVInject is registered as a service):
    sc stop MAVInject
    
  • Enable Windows Defender real-time monitoring:
    Set-MpPreference -DisableRealtimeMonitoring $false
    

References:

Reported By: Albertwhale Chinese – Hackers Feeds