Process injection inserts malicious code into a legitimate running process, evading security tools by hiding inside trusted processes (e.g. explorer.exe, svchost.exe).
Types: DLL injection, reflective DLL injection, process hollowing, thread hijacking. EDR detects process injection via behavioral monitoring (API calls, memory anomalies). A common fileless malware technique.