Process hollowing definition

Process hollowing is a code injection method in which hackers remove the code in an executable file and replace it with malicious code, enabling them to configure a previously legitimate process to execute malicious code.

Additionally, process hollowing allows hackers to avoid potential security defenses, like detection analysis software. In most cases, hackers start their process-hollowing attacks via malicious links in phishing emails, where users click on the malicious link, which makes their computer download and install the hacker’s malware.

One of the most significant advantages that process hollowing offers to hackers is that it is pretty challenging to detect. Namely, the path of the executable file under a process-hollowing attack still points to its previous legitimate path, meaning that firewalls will not see it as malware.

See also: anti-malware, anti-phishing service

Protecting against process hollowing

• Do not open links from unverified email addresses.
• Do not download software from unreliable sources.
• Restrict file sharing.
• Use enterprise-grade firewalls.
• Get antivirus software from reliable providers and run regular malware scans on your computer and other devices.
• Always use the latest versions of all software and apps.
• Do not click on pop-up windows that say your computer is infected, and do not download their software.
• Use NordVPN’s Threat Protection feature to scan your files for malware.

Further reading