Malware | Apr 21, 2026

Outflank published “Linux Process Injection via Seccomp User Notifications” 4 months ago. When t...

Linux process injection malware via seccomp evades detection on VirusTotal.

Summary

Outflank disclosed a Linux process injection technique leveraging seccomp user notifications 4 months ago. A malware sample implementing this technique remained undetected by all 64 VirusTotal engines for 2 months after initial submission, which highlights how effective the evasion is. Detection was eventually achieved through THOR's rules.

Indicators of Compromise

  • hash_sha256 — c8cdf46fcbaebba29df13ca40a3ab8d37cdac54e333b3957facf4ef6c88cef34

Entities

  • Outflank (vendor)
  • seccomp (technology)
  • VirusTotal (technology)
  • THOR (product)