Skip to content

T1631 Process Injection

Adversaries may inject code into processes in order to evade process-based defenses or even elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process’s memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.

Both Android and iOS have no legitimate way to achieve process injection. The only way this is possible is by abusing existing root access or exploiting a vulnerability.

Item Value
ID T1631
Sub-techniques T1631.001
Tactics TA0030, TA0029
Platforms Android, iOS
Version 1.1
Created 30 March 2022
Last Modified 20 March 2023


ID Data Source Data Component
DS0041 Application Vetting API Calls