216.73.217.86

T1631: Process Injection

View on MITRE ATT&CK The MITRE Corporation · Published 30/03/2022 20:50 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1631
Confidence
100/100
Revoked
No
Published
30/03/2022 20:50
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

android iOS

Description

Adversaries may inject code into processes in order to evade process-based defenses or even elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process. Both Android and iOS have no legitimate way to achieve process injection. The only way this is possible is by abusing existing root access or exploiting a vulnerability.

Kill chain phases

Kill chainPhase
mitre-mobile-attack defense-evasion
mitre-mobile-attack privilege-escalation

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references