Managed Code Rootkits

By Erez Metula

A Managed Code Rootkit (MCR) is a special type of malicious code that is deployed inside an application-level virtual machine, such as those employed in managed code environment frameworks: Java, .NET, Dalvik, Python, etc. Having full control of the managed code VM allows the MCR to lie to the upper-level application running on top of it and to manipulate the application's behavior to perform tasks not originally intended by the software developer. The MCR concept was introduced at major security conferences such as BlackHat, DefCon, RSA, OWASP, CanSecWest, SOURCE, and others.