New Windows malware Pingback uses Internet Control Message Protocol (ICMP) for its command-and-control traffic to evade detection and a DLL hijacking technique to persist on the operating system.
▪ Researchers disclosed a new backdoor named Pingback, which uses a rarely seen technique, ICMP tunnelling, for command-and-control communication and achieves persistence through DLL hijacking. It targets 64-bit Microsoft Windows systems.
▪ The malware tunnels its traffic inside ICMP packets because ICMP has no ports and runs directly over IP rather than over TCP or UDP, so port-based firewall rules and monitoring that only tracks TCP/UDP sessions may never see the channel. ICMP is a legitimate protocol used to diagnose and measure IP connectivity (ping, traceroute), so hosts rarely block it outright. The technique is not invisible, though: echo payloads that deviate from the fixed patterns stock ping utilities send, unusual payload sizes, or a steady stream of echo requests to a single host are all detectable, and blocking inbound ICMP echo at the host firewall where it is not needed removes the channel entirely.
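To make the "no ports" point concrete, here is an added example (not code from the Pingback report or from the malware) that parses ICMP echo packets and flags payloads that look like a covert channel. The only fields an ICMP echo has are type, code, checksum, identifier, sequence number and a free-form payload, so the detection has to look at the payload itself. The stock ping payloads, the heuristics and the sample packets are assumptions constructed for this example.

```python
"""Parse ICMP echo packets and flag payloads that look like a covert channel.
Added illustration; the packets below are constructed here, not captured from Pingback."""
import struct
from collections import Counter
from math import log2

# Default payloads sent by stock ping utilities (assumed here as the "benign" baseline;
# a custom pattern such as `ping -p` would also be flagged, so tune for your hosts).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # ping.exe, 32 bytes
LINUX_PING_TAIL = bytes(range(0x10, 0x40))                     # iputils, after 8-byte timestamp

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Build an ICMP echo header plus payload with a valid checksum (IP header not included)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Split an ICMP echo packet into its fields: no ports exist, only id, seq and data."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
        raise ValueError("not an echo request/reply")
    zeroed = packet[:2] + b"\x00\x00" + packet[4:]        # checksum field zeroed for recomputation
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": icmp_checksum(zeroed) == csum}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted or compressed data, low for text and patterns."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def is_stock_ping_payload(payload: bytes) -> bool:
    """True for an empty payload or the default Windows/iputils ping patterns."""
    if not payload or payload == WINDOWS_PING_PAYLOAD:
        return True
    # iputils: 8-byte timestamp followed by the incrementing 0x10.. pattern
    return len(payload) >= 8 and payload[8:] == LINUX_PING_TAIL[:len(payload) - 8]


def tunnel_indicators(packet: bytes, max_len: int = 64, entropy_cutoff: float = 4.5) -> list:
    """Return the reasons an echo packet looks like C2 over ICMP; an empty list means benign."""
    info = parse_echo(packet)
    payload = info["payload"]
    reasons = []
    if not info["checksum_ok"]:
        reasons.append("bad checksum")
    if is_stock_ping_payload(payload):
        return reasons
    reasons.append("payload is not a stock ping pattern")
    if len(payload) > max_len:
        reasons.append("oversized payload (%d bytes)" % len(payload))
    if shannon_entropy(payload) > entropy_cutoff:
        reasons.append("high-entropy payload")
    return reasons


# Constructed sample traffic for the demo (not Pingback's real packets)
SAMPLES = {
    "windows_ping": build_echo(1, 1, WINDOWS_PING_PAYLOAD),
    "linux_ping": build_echo(2, 1, b"\x00" * 8 + LINUX_PING_TAIL),
    "cleartext_cmd": build_echo(0x1234, 7, b"CMD:whoami"),
    "blob_200b": build_echo(0x1234, 8, bytes((i * 73 + 19) & 0xFF for i in range(200))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-14s seq=%d %s" % (name, parse_echo(pkt)["seq"], tunnel_indicators(pkt) or "benign"))
```

In practice the packet bytes come from a raw socket or a pcap; the heuristics are deliberately simple and will flag any ping that uses a custom pattern, so pair them with rate and destination baselining rather than treating a single hit as malicious.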
▪ For persistence the malware uses DLL (Dynamic Link Library) hijacking: a malicious DLL is placed where a legitimate application will find it first in its DLL search order, so the trusted process loads it, and the attacker's code runs under that process's identity, every time the application starts. Because the code is hosted inside a trusted Windows process, it blends in with normal activity. The practical check is to compare the directories a process actually loads its DLLs from against the expected system locations, and to make sure application directories and directories early in the search order are not writable by standard users.
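The following added example (written for this page, not taken from the Pingback analysis or from any Windows tooling) models the Windows DLL search order with SafeDllSearchMode enabled, the default, to show where a planted DLL would win over the legitimate copy. The host layout, the imported DLL names and the writable directories are constructed assumptions; real checks would feed in the loaded-module list from a process and the ACLs of the directories on the path.

```python
"""Model the Windows DLL search order to find where a planted DLL would be loaded
before the legitimate one. Added illustration with constructed paths and imports."""
from dataclasses import dataclass, field, replace


@dataclass
class Host:
    app_dir: str            # directory of the executable being started
    cwd: str                # current working directory of the process
    path_dirs: list         # entries of the PATH environment variable, in order
    files: dict             # directory -> set of lowercase filenames present there
    writable: set           # directories a standard (non-admin) user can write to
    known_dlls: set = field(default_factory=set)   # HKLM ...\KnownDLLs, always from System32
    system32: str = r"C:\Windows\System32"
    system16: str = r"C:\Windows\System"
    windows: str = r"C:\Windows"


def search_order(host: Host) -> list:
    """Order LoadLibrary searches when SafeDllSearchMode is on (CWD after system dirs)."""
    return [host.app_dir, host.system32, host.system16, host.windows, host.cwd, *host.path_dirs]


def resolve(host: Host, dll: str):
    """Return (directory the DLL resolves to or None, writable dirs searched up to that point).

    A writable directory searched before (or at) the real copy is a planting location;
    a DLL that is found nowhere ("phantom" import) can be planted in any writable dir.
    """
    dll = dll.lower()
    if dll in host.known_dlls:
        return host.system32, []        # KnownDLLs bypass the search entirely
    plantable = []
    for d in search_order(host):
        if d in host.writable:
            plantable.append(d)
        if dll in host.files.get(d, set()):
            return d, plantable
    return None, plantable


def hijack_report(host: Host, imports: list) -> dict:
    """Map each imported DLL name to where it loads from and whether it can be hijacked."""
    report = {}
    for dll in imports:
        resolved, plantable = resolve(host, dll)
        report[dll.lower()] = {"resolves_to": resolved, "plantable_in": plantable,
                               "hijackable": bool(plantable)}
    return report


def with_writable(host: Host, *dirs: str) -> Host:
    """Copy of the host where additional directories are writable (e.g. a mis-ACLed install)."""
    return replace(host, writable=host.writable | set(dirs))


# Constructed example host: a vendor app in Program Files, a user-writable tools dir on PATH
HOST = Host(
    app_dir=r"C:\Program Files\Acme",
    cwd=r"C:\Users\bob\Downloads",
    path_dirs=[r"C:\Windows\System32", r"C:\Tools"],
    files={
        r"C:\Program Files\Acme": {"acme.exe"},
        r"C:\Windows\System32": {"kernel32.dll", "version.dll"},
        r"C:\Tools": {"helper.dll"},
    },
    writable={r"C:\Users\bob\Downloads", r"C:\Tools"},
    known_dlls={"kernel32.dll", "ntdll.dll", "user32.dll"},
)
IMPORTS = ["kernel32.dll", "version.dll", "helper.dll", "missing.dll"]   # assumed import table

if __name__ == "__main__":
    for dll, info in hijack_report(HOST, IMPORTS).items():
        print("%-13s -> %-24s hijackable=%s via %s"
              % (dll, info["resolves_to"], info["hijackable"], info["plantable_in"]))
    # Same binary, but the install directory was left writable by standard users
    print(hijack_report(with_writable(HOST, HOST.app_dir), ["version.dll"]))
```

Two findings fall out of the model: a system DLL such as version.dll is only at risk when a directory searched before System32 (the application directory) is writable, and a "phantom" import that resolves nowhere, or only to a directory late in the order, is at risk from every writable directory on the path, including the user's current directory.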