zCat on Nostr: Hackers abuse Avast anti-rootkit driver to disable defenses A new malicious campaign ...
Hackers abuse Avast anti-rootkit driver to disable defenses
A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components.
The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for security processes from various vendors.
Since the driver can operate at kernel level, it provides access to critical parts of the operating system and allows the malware to terminate processes.
Security researchers at cybersecurity company Trellix recently discovered a new attack that leverages the bring-your-own-vulnerable-driver (BYOVD) approach with an old version of the anti-rootkit driver to stop security products on a targeted system.
Bleeping Computer:
https://www.bleepingcomputer.com/news/security/hackers-abuse-avast-anti-rootkit-driver-to-disable-defenses/
The Hacker News:
https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html
#cybersecurity #malware #avast