Ways of Infection: Code Injection
In this lesson we continue our discussion of stealth malware and look at a technique that is widely used today: code injection. Injection lets one process execute code inside the address space of another process. The underlying mechanisms were originally provided for debugging, but they became popular with malware writers because they allow code to run stealthily on the victim's machine.

Malware uses injection mainly to hide its activity by performing it on behalf of trusted software. For example, hidden network traffic can originate from an infected legitimate program that already communicates with the Internet, such as a web browser, so personal firewalls and antivirus software are less likely to treat it as suspicious. Injected malware also has no separate process of its own in the system that could be discovered.

Once injected, the code can be executed in two ways:
1. In a separate thread inside the infected process.
2. As a hook handler that runs whenever the infected application calls a hooked API function. A hook handler can be used either to steal the user's confidential data or to hide the malware's presence on the infected system, for example by hiding its registry keys and files from enumeration.

Injection is typically initiated by a dedicated injector application that runs at OS start-up. The injector writes the malware code into the memory of another process, supplies it with the data it needs to execute, and then either launches it directly or installs code hooks inside the victim application that transfer execution to the injected code, which then acts as a proxy between the application and the OS.
Video Length: 0
Date Found: June 04, 2011
Date Produced: May 30, 2011
View Count: 0