Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It

bazang

Level 9
Thread author
Jul 3, 2024
428
Malware hidden inside a fake NFT game ignores two-factor authentication and gains access to a victim's Google account via a malicious Chrome Extension to steal your money.

Microsoft Defender, the antivirus app that comes enabled in Windows Vista and later, reportedly failed to catch a type of malware that hijacked a victim's Google account in the Chrome browser and stole over $24,000 in cryptocurrency.

"He got access to my Google passwords because my Bitwarden was unlocked and then deducted the wallet extension's passwords. That's what led me to ruin," the victim explained in a post, adding that the attacker was a stranger who had messaged him on Telegram, an app scammers often use, and convinced him to download a malicious application.

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,187
Obviously Defender missed this one. I wonder if hardened Defender would have caught it, or if it was something outside Defender's protection capabilities with this malware?

Not trying to excuse Defender here, but there is also this part of the story which you posted, the lack of caution and discernment on the user's end:
adding that the attacker was a stranger who had messaged him on Telegram, an app scammers often use, and convinced him to download a malicious application.
 

zidong

Level 2
Jul 15, 2024
73
Happened 3 months ago and PC Mag is one of many that advertise paid antivirus products. It would have been interesting if they had tested with other antivirus programs at the same time, not several days later when all antivirus products already detect this malware.



Notably, this malware, like some others deployed by hackers, detects a user's location to decide whether to proceed with the attack. In this case, if a Windows user downloaded the malware on a device based in Russia, Ukraine, or Belarus, the malware would not proceed.
Can't believe it :ROFLMAO:

lokamoka820

Level 24
Mar 1, 2024
1,385
In the comment section of the mentioned article, no one blames MS Defender, but the user's action, for example:
The headline should read "MS Defender is Enough Unless You're Easily Fooled To Run Files You Shouldn't". There's been articles that say that most infections are caused by user actions. Knowing what NOT to do is the best defense against malware. Don't open attachments! EVER!
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,187
OMG well that means no one is safe then because pretty much over the years all Antivirus software has been hacked or threat actors have found some ways around defenses, even Kaspersky. :ROFLMAO::ROFLMAO::ROFLMAO: Most of us are smart enough to avoid this, I'm not concerned.
And it wasn't even really that the malware found its way around Defender, it was led by the hand by this one user, this one example, not hundreds.

I used to be a mod on Bitdefender forum (Scott) and there were times that Flexx would have to talk people down off the ledge when their beloved Bitdefender didn't stop something from getting through. Like you said and as we all know, it happens in real life, and not just in hands on AV reviews.

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,770
OMG well that means no one is safe then because pretty much over the years all Antivirus software has been hacked or threat actors have found some ways around defenses, even Kaspersky. :ROFLMAO::ROFLMAO::ROFLMAO: Most of us are smart enough to avoid this, I'm not concerned.
You just noticed that? :alien:

There's a reason I always tell people to choose any of the best known products. All of them can fail against some malware, so choose whatever works best in your machine with the least impact in performance and your pocket.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,680
Eureka!!!
Someone discovered that an AV missed one malware, so this AV is "not enough".
I have bad news. According to known tests, the top AVs usually miss over 400 malware daily.

Dark Knight

Level 5
Verified
Well-known
Aug 17, 2013
239
Antivirus is not foolproof, no one security software catches everything and that includes Defender, it takes a certain amount of common sense from the person sitting behind the keyboard.
The first mistake he made was using Telegram, there are tons of highly questionable and illegal practices going on on that platform.
 

tofargone

Level 6
Jun 24, 2024
264
Obviously Defender missed this one. I wonder if hardened Defender would have caught it, or if it was something outside Defender's protection capabilities with this malware?

Not trying to excuse Defender here, but there is also this part of the story which you posted, the lack of caution and discernment on the user's end:
Yep. Just like many suspected. All the while, others were shouting the praises of MD, now it seems the experts were wrong, once again. Time to put a fork in it. Kaspersky anyone?
 

Marko :)

Level 24
Verified
Top Poster
Well-known
Aug 12, 2015
1,330
Yep. Just like many suspected. All the while, others were shouting the praises of MD, now it seems the experts were wrong, once again. Time to put a fork in it. Kaspersky anyone?
Yeah, because Kaspersky and other antivirus software have a 120% detection rate and never miss anything. I absolutely love how whenever Defender misses something, all forks are thrown at Microsoft. And when another antivirus company (whose only job, in fact, is security—nothing else) misses something, it's like "oopsie!". It's interesting how barely anyone noticed that hackers casually abused Avast's old anti-rootkit driver.

I thought some people are smarter here. 100% protection doesn't exist and if you want to infect your PC, you'll successfully do it no matter how expensive and which AV software you have installed. AV software can only catch recognized malware, not new and unknown even with all latest innovations in modules. Malware is always one step ahead of all AVs.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,680
Yep. Just like many suspected. All the while, others were shouting the praises of MD, now it seems the experts were wrong, once again. Time to put a fork in it. Kaspersky anyone?
1. Experts know that MD can miss several tens of malware daily (just like any other AV). It is not obvious to many people because there are over 250,000 new malware daily.
2. Kaspersky (paid version, tweaked) is a good alternative to Defender free, even if point 1 is true also for Kaspersky. The difference will be about 1 missed malware per 500.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,680
I absolutely love how whenever Defender misses something, all forks are thrown at Microsoft.

Yes. Such reactions were mainly irrational, but nowadays they can be partially justified. Microsoft Defender is the most prevalent AV. Many Enterprises plan to skip 3rd party AVs and use MD instead. The reason is not that MD is the best, but simply other solutions are not much better in daily practice.

Taken from "The Third Annual Study on the State of Endpoint Security Risk" (Ponemon Institute© Research Report, 2020)
 

tofargone

Level 6
Jun 24, 2024
264
I am not an expert, like you folks here.

I think the focus should be like the Army says: "Be all you can be"...

So instead of saying "He clicked on, or he did this or that", which is true, you're right, he was foolish, instead I like to focus on this aspect... Product A missed it, and product B caught it.... Now let's see if products A, B, C, and D-Z can get their minds/acts together and make something truly great, instead of just OK.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,680
Now let's see if products A, B, C, and D-Z can get their minds/acts together and make something truly great, instead of just OK.

The article presents the wrong comparison method. It will always show that Microsoft Defender is not better than any AV.
When seeking malware that can compromise MD and then testing that malware against another AV, MD will always get the 0% protection result, and another AV can randomly score better (and never worse).

We could get a similarly wrong result when seeking malware that can compromise a top AV and then testing that malware against MD. The top AV would always get the 0% protection result and MD could randomly score better (and never worse).
If SafetyDetectives did their tests correctly (preserving AV symmetry), they could see after many tests that the differences in protection between many popular AVs are very small.

Edit.
If we include Windows SmartScreen file reputation (assuming that the user respects its alerts), then the differences in protection between MD and top AVs are negligible for non-enterprise users.
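An added simulation (not from the thread or any named product) of the selection bias the post above describes: two constructed AVs with the same true detection rate are scored first on samples chosen because one of them missed them, then on an unselected sample. The rates, the independence of detections and the synthetic corpus are all assumptions.

```python
import random

# Constructed assumptions: both AVs have the same true per-sample detection
# probability and detections are independent.  The corpus is synthetic.
TRUE_RATE_A = 0.99
TRUE_RATE_B = 0.99


def build_corpus(n, p_a=TRUE_RATE_A, p_b=TRUE_RATE_B, seed=1):
    """Return n (detected_by_a, detected_by_b) pairs for synthetic samples."""
    rng = random.Random(seed)
    return [(rng.random() < p_a, rng.random() < p_b) for _ in range(n)]


def detection_rate(results, av_index):
    """Fraction of samples detected by the AV at av_index (0 = A, 1 = B)."""
    if not results:
        return 0.0
    return sum(1 for r in results if r[av_index]) / len(results)


def seek_bypass_test(corpus, bypassed_av):
    """The article's method: keep only samples the chosen AV missed, then
    score both AVs on that subset.  The chosen AV scores 0% by construction;
    the other AV keeps roughly its true rate, so it can only look better."""
    subset = [r for r in corpus if not r[bypassed_av]]
    return {
        "a": detection_rate(subset, 0),
        "b": detection_rate(subset, 1),
        "samples": len(subset),
    }


def symmetric_test(corpus):
    """Score both AVs on the same unselected corpus (AV symmetry preserved)."""
    return {
        "a": detection_rate(corpus, 0),
        "b": detection_rate(corpus, 1),
        "samples": len(corpus),
    }


if __name__ == "__main__":
    corpus = build_corpus(100_000)
    print("seek bypass of A:", seek_bypass_test(corpus, 0))
    print("seek bypass of B:", seek_bypass_test(corpus, 1))
    print("symmetric:       ", symmetric_test(corpus))
```

Swapping which AV is "seeded" flips the 0% result to the other product, while the symmetric run shows the two equal rates the corpus was built with.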

Dark Knight

Level 5
Verified
Well-known
Aug 17, 2013
239
Now let's see if products A, B, C, and D-Z can get their minds/acts together and make something truly great, instead of just OK.

@tofargone, I partially agree, while Antivirus companies should be working hand in hand in a perfect world.... but they don't and even if they did they still wouldn't be able to catch everything. Unfortunately hackers, virus and trojan writers are smarter and always one step ahead, so, like I said above, the BEST antivirus defense one can have is the one sitting behind the keyboard. You can't get infected by something and place 100% blame on something that you KNOW is not going to catch 100% of infections, you have to own up to some of it. ESPECIALLY in the gaming realm and using a messenger KNOWN to be far less than secure. IMO, Telegram has been operating under the radar for years and with all the stuff to come out about it recently, it needs to be banned.

IF it were me, and I had THAT much in bitcoin, the last place I would be storing it or having access to the wallet or password is on my daily driver PC..... just saying, it takes a certain amount of common sense, security software cannot think for you, there is no big hand that can jump out of your screen and slap your hands away from the keyboard.... not yet anyways.
:unsure: