What is a Malicious Process Migration?
Malicious Process Migration involves a hacker moving malware from one compromised process to another. This allows the hacker to better avoid detection and maintain a connection with the infected computer even when the browser session is ended by the user. It is a fairly common practice in hacking, used in attempts to gain more privileges or establish a more permanent hold on a device.
How to Recognize This Threat: If a hacker is active on a user’s computer, then there may be increased processor activity. A malicious migration typically uses DLL exploits, which some scans may pick up.
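The recognition guidance above can be turned into a concrete check. The following is an added example, not part of the original page or of any Sophos product: it scans records shaped like Sysmon Event ID 8 (CreateRemoteThread) for a user-facing program starting a thread inside a different process. The program list, the scoring rules and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: user-facing programs that rarely need to start threads elsewhere.
USER_FACING = {"chrome.exe", "msedge.exe", "firefox.exe", "winword.exe", "acrord32.exe"}

def _ev(time, src, dst, module, func):
    """Build one record using Sysmon Event ID 8 (CreateRemoteThread) field names."""
    return {"EventID": 8, "UtcTime": time, "SourceImage": src, "TargetImage": dst,
            "StartModule": module, "StartFunction": func}

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
K32 = r"C:\Windows\System32\kernel32.dll"

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    _ev("10:00:01", CHROME, CHROME, r"C:\Windows\System32\ntdll.dll", "-"),
    _ev("10:00:07", CHROME, r"C:\Windows\explorer.exe", "-", "-"),
    _ev("10:02:30", r"C:\Windows\System32\csrss.exe",
        r"C:\Windows\System32\cmd.exe", K32, "CtrlRoutine"),
    _ev("10:05:12", WORD, r"C:\Windows\System32\notepad.exe", K32, "LoadLibraryW"),
]

def _name(path):
    return ntpath.basename(path).lower()

def migration_reasons(ev):
    """Return the reasons a remote-thread event resembles process migration."""
    if ev.get("EventID") != 8:
        return []
    src, dst = _name(ev["SourceImage"]), _name(ev["TargetImage"])
    if src == dst:
        return []  # same program, e.g. a browser managing its own child processes
    reasons = []
    if src in USER_FACING:
        reasons.append(f"{src} started a thread in {dst}")
    # Sysmon fills StartModule only when the start address lies in a loaded module.
    if ev.get("StartModule", "-") in ("", "-"):
        reasons.append("thread start address is not inside any loaded module")
    elif ev.get("StartFunction", "").lower().startswith("loadlibrary"):
        reasons.append("thread starts at LoadLibrary (DLL load forced from outside)")
    return reasons

def find_migrations(events):
    """Return (time, target process, reasons) for every event with a reason."""
    scored = ((ev, migration_reasons(ev)) for ev in events)
    return [(ev["UtcTime"], _name(ev["TargetImage"]), why) for ev, why in scored if why]

if __name__ == "__main__":
    for when, target, why in find_migrations(SAMPLE_EVENTS):
        print(when, target, "; ".join(why))
```

Legitimate software such as security agents and accessibility tools also creates remote threads, so hits from a check like this are leads for investigation rather than verdicts.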
How to Prevent This Threat: Sophos Intercept X endpoint protection is designed to detect and terminate these attacks. The software will also alert network admins that such an attack has occurred, and generate a root cause analysis to further investigate the incident.