This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Article Link: Earth Freybug Uses UNAPIMON for Unhooking Critical APIs | Trend Micro (US)