Security News Hackers abuse Avast anti-rootkit driver to disable defenses

Captain Awesome · Nov 23, 2024

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components.

The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for security processes from various vendors.

Hackers abuse Avast anti-rootkit driver to disable defenses

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components.

www.bleepingcomputer.com

Marko :) · Nov 23, 2024

Whoopsie.

nickstar1 · Nov 23, 2024

Yall got some work to do to fix this L0L.

Sandbox Breaker · Nov 23, 2024

For those on Defender for Endpoint... The driver is already blocked and added to the vulnerable driver list. Ensure your users are running as standard and ensure tamper protection is on.

Search

Security News Hackers abuse Avast anti-rootkit driver to disable defenses

Captain Awesome

Level 24

Hackers abuse Avast anti-rootkit driver to disable defenses

Marko :)

Level 24

nickstar1

Level 10

Sandbox Breaker

Level 11

Similar threads