Hackers can Hijack Antivirus Software to Erase Data

Possibly up to 50% of popular security software tools are affected by this vulnerability.

In a report released this week, a top cybersecurity researcher revealed that many popular antivirus programs, including those from Microsoft, SentinelOne, TrendMicro, Avast, and AVG, can be exploited and turned into tools for erasing data.

Yair Or, a consultant for the cybersecurity firm SafeBreach who researches time-of-check to time-of-use vulnerabilities, explained how the exploit works in a proof-of-concept document titled "Aikido" that outlines the method for exploiting this vulnerability.

Aikido is one of the most renowned martial arts forms. It is a Japanese art in which the practitioner turns the opponent's own movement and force against them to gain an advantage.

What does this process entail? 


According to Yair, this vulnerability can be exploited to carry out the kind of cyberattack known as a "wiper," a class of attack commonly used in offensive warfare.

An eraser, also known as a wiper, is a type of malware designed to delete all the data and programs on the hard drive of the computer it infects so that the machine can no longer function properly.

As stated in the slide deck, the exploit redirects the "superpower" of endpoint detection software into the capability to "delete any file regardless of its permission levels". 

The entire process begins by creating a malicious file at the path "C:\temp\Windows\System32\drivers\ndis.sys". 

Next, the attacker keeps a handle to that file open, so that the "AV/EDR should ask to delay deleting the file until after the next reboot", as the slide deck puts it. 

Following that, the "C:/temp" directory is deleted and replaced with a junction pointing from C:/temp to C:/, and the computer is restarted once this is done; the deferred deletion then follows the junction into the real system directory. 
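The redirection described above can be checked for on the defender's side by resolving each file an AV/EDR has scheduled for deletion at next reboot through the junctions present on the volume, and flagging any that only land in a protected location after that resolution. The following Python is an added example that is not part of the original post or of SafeBreach's research; the pending-delete paths and the junction table are constructed sample data, not read from a live system.

```python
from pathlib import PureWindowsPath

# Constructed sample data. PENDING_DELETES stands in for entries an AV/EDR would
# queue via the PendingFileRenameOperations mechanism; JUNCTIONS stands in for the
# reparse points found on the volume. The first entry is the page's own example.
PENDING_DELETES = [
    r"C:\temp\Windows\System32\drivers\ndis.sys",  # attacker-planted decoy path
    r"C:\Users\alice\Downloads\eicar.com",          # ordinary quarantined file
]
JUNCTIONS = {r"C:\temp": "C:\\"}                    # C:\temp -> C:\ (the Aikido trick)
PROTECTED_ROOTS = [r"C:\Windows", r"C:\Program Files"]

def is_under(path, root):
    """True if path equals root or lies below it (PureWindowsPath compares case-insensitively)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents

def resolve(path, junctions, max_hops=16):
    """Rewrite path through any junction whose source is a prefix of it, longest source
    first, until no junction applies. The hop bound keeps a junction cycle from looping."""
    p = PureWindowsPath(path)
    for _ in range(max_hops):
        for src, dst in sorted(junctions.items(), key=lambda kv: -len(kv[0])):
            src_p = PureWindowsPath(src)
            if p == src_p or src_p in p.parents:
                p = PureWindowsPath(dst).joinpath(p.relative_to(src_p))
                break
        else:
            break  # no junction matched: fully resolved
    return str(p)

def root_junctions(junctions):
    """Junctions whose target is a volume root: everything below the source maps straight
    onto the system drive, which is exactly the shape the attack needs."""
    return [s for s, d in junctions.items() if PureWindowsPath(d).parent == PureWindowsPath(d)]

def flag_redirected_deletes(pending, junctions, protected_roots):
    """Return (queued_path, real_target) for deletes that are harmless as written but end
    up inside a protected root once the junctions are followed."""
    hits = []
    for path in pending:
        resolved = resolve(path, junctions)
        before = any(is_under(path, r) for r in protected_roots)
        after = any(is_under(resolved, r) for r in protected_roots)
        if after and not before:
            hits.append((path, resolved))
    return hits

if __name__ == "__main__":
    print("root junctions:", root_junctions(JUNCTIONS))
    for queued, real in flag_redirected_deletes(PENDING_DELETES, JUNCTIONS, PROTECTED_ROOTS):
        print(f"pending delete of {queued} would actually remove {real}")
```

On a real host the two inputs would come from the PendingFileRenameOperations registry value and an enumeration of reparse points; the path logic itself is OS-independent, which is why PureWindowsPath is used.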

It has been confirmed that only some of the most popular antivirus brands are affected, approximately 50% of them. 

According to the slide deck prepared by the researcher, Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus are among the antivirus programs affected by this vulnerability.

Meanwhile, some products survived the attack intact. These include Palo Alto XDR, Cylance, CrowdStrike, McAfee, and BitDefender.