The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe, whenever ESET antivirus application is detected running, Trend Micro said in a new analysis."The attack involves dropping multiple files, including legitimate executables and malicious components, and deploying a decoy PDF to distract the victim," security researchers Nathaniel Morales and Nick Dai noted.

‍