T1631: Process Injection
Essential information
- MITRE technique ID
T1631- Confidence
- 100/100
- Revoked
- No
- Published
- 30/03/2022 20:50
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
android iOS
Description
Adversaries may inject code into processes in order to evade process-based defenses or even elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Both Android and iOS have no legitimate way to achieve process injection. The only way this is possible is by abusing existing root access or exploiting a vulnerability.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | defense-evasion |
| mitre-mobile-attack | privilege-escalation |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.