Hackers abuse Avast anti-rootkit driver to disable defenses

[Captain Awesome]

Content source

https://www.bleepingcomputer.com/news/security/hackers-abuse-avast-anti-rootkit-driver-to-disable-defenses/

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components.

The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for security processes from various vendors.

Hackers abuse Avast anti-rootkit driver to disable defenses

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components.

www.bleepingcomputer.com

 

[Marko :)]

Whoopsie.

 

[nickstar1]

Yall got some work to do to fix this L0L.

 

[Sandbox Breaker - DFIR]

For those on Defender for Endpoint... The driver is already blocked and added to the vulnerable driver list. Ensure your users are running as standard and ensure tamper protection is on.