A group of researchers from NTT Security Holdings Corp are planning to demonstrate a new technique to make it easier to hide malicious code on a computer by hijacking the memory used by software interpreters.
Attackers develop technique to easily hide bytecode malcode
The technique, dubbed Bytecode Jiu-Jitsu, involves feeding malicious bytecode into the interpreter by replacing existing bytecode already present in memory and used by the interpreter. By doing this, when the interpreter goes to fetch and execute the expected bytecode from memory, it receives the injected code instead and executes it.
One drawback of bytecode hijacking is its difficulty, but the researchers have created an automated technique that can be used to analyze interpreter executables and find the injection points needed for a successful attack on many different interpreters. This technique makes it considerably easier to carry out such an attack.
The researchers have confirmed their technique works with VBScript, Python, and Lua interpreters and will demonstrate it at the upcoming Black Hat 2024 security conference.