In the previous chapter, we looked at the different persistence mechanisms used by malware to remain on a victim system. In this chapter, you will learn how malicious programs inject code into another process (called target process or remote process) to perform malicious actions. The technique of injecting malicious code into a target process's memory and executing the malicious code within the context of the target process is called code injection (or process injection).
An attacker typically chooses a legitimate process (such as explorer.exe or svchost.exe) as the target process. Once the malicious code is injected into the target process, it can then perform malicious actions, such as logging keystrokes, stealing ...