Security researchers have discovered a new technique that could allow attackers to inject malicious code into every version of Microsoft’s Windows operating system, including Windows 10, in a way that no existing anti-malware tool can currently detect, which poses a huge threat to millions of PC users around the world.
The “AtomBombing” technique does not exploit any vulnerability; it works by abusing a design weakness in the Windows operating system.
An AtomBombing attack abuses the system-level atom tables, a Windows feature that lets applications store strings, objects and other kinds of data so they can be looked up repeatedly. Because atom tables are shared, all sorts of applications can read or modify the data inside them.
The team of researchers who came up with the AtomBombing technique state that it allows malicious code to modify atom tables and trick legitimate applications into executing malicious actions on its behalf.
Once injected into legitimate processes, the malware can more easily bypass the security mechanisms that protect such systems from malware infections, the researchers said.
AtomBombing can perform MITM browser attacks, decrypt passwords, and more
Besides bypassing process-level restrictions, AtomBombing code injection also lets attackers perform man-in-the-middle (MITM) browser attacks, remotely take screenshots of targeted users’ desktops, and access encrypted passwords stored in a browser.
Google Chrome encrypts your saved passwords using the Windows Data Protection API (DPAPI), which uses key material derived from the current user to encrypt and decrypt the data.
So if malware is injected into a process that is already running in the context of the current user, it can read those passwords in plain text just as easily as the browser can.
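The user-scope property described above can be seen directly with the DPAPI wrapper in .NET. This is an added example (not code from the article or from the researchers), written for Windows PowerShell 5.1; the sample credential and the extra entropy value are constructed placeholders.

```powershell
# Added example: DPAPI CurrentUser scope protects data per user, not per process.
Add-Type -AssemblyName System.Security

$secret  = [Text.Encoding]::UTF8.GetBytes('constructed sample credential')   # constructed sample data
$entropy = [Text.Encoding]::UTF8.GetBytes('app-held extra secret')            # hypothetical extra secret

# 1. Protect with CurrentUser scope and no extra entropy (the pattern the article describes).
$blob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# Any code running under the same user account, in any process, can reverse it.
$plain = [Security.Cryptography.ProtectedData]::Unprotect(
    $blob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
"Same-user Unprotect returned: {0}" -f [Text.Encoding]::UTF8.GetString($plain)

# 2. Supplying optional entropy binds the blob to a secret the caller must also present.
#    Same user, but entropy missing -> DPAPI refuses to decrypt.
$blob2 = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
try {
    [void][Security.Cryptography.ProtectedData]::Unprotect(
        $blob2, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    'Unprotect without entropy unexpectedly succeeded'
} catch {
    'Unprotect without entropy failed as expected: {0}' -f $_.Exception.GetType().Name
}
```

Entropy only raises the bar for code that cannot obtain the extra secret; it does not change the fact that DPAPI's trust boundary is the user account rather than the process.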
Because the AtomBombing technique relies on legitimate operating system functions to carry out attacks, Microsoft cannot resolve the issue without changing how the entire operating system works. That is not feasible, so there is no quick fix at the moment.