(also hollow process injection)
Process hollowing is a code injection method in which hackers remove the code in an executable file and replace it with malicious code, so that a previously legitimate process executes the hackers’ code instead.
Additionally, process hollowing allows hackers to avoid potential security defenses, like detection analysis software. In most cases, hackers start their process-hollowing attacks via malicious links in phishing emails: a user clicks the link, which makes their computer download and install the hacker’s malware.
One of the most significant advantages that process hollowing offers to hackers is that it is challenging to detect. Namely, the path of the executable file under a process-hollowing attack is still its previous, legitimate path, meaning that firewalls will not see it as malware.
See also: anti-malware, anti-phishing service