New Windows security exploit hijacks your antivirus and turns it into malware


A report claims criminals could hijack your antivirus software and use it to launch a cyber attack against your computer.

The report, from online security firm Cybellum, warns Windows 10 users that their security software is not nearly as secure as they may have thought.

The researchers behind the report claim that many of the leading antivirus apps and software can be hijacked and turned into malware in order to carry out a particularly nasty attack against the unfortunate victim.

“Our researchers discovered an undocumented ability of Application Verifier that gives an attacker the ability to replace the standard verifier with his own custom verifier,” Cybellum explained.

“An attacker can use this ability to inject a custom verifier into any application. Once the custom verifier has been injected, the attacker now has full control over the application.”

The attack, which can affect any computer running Windows 10, as well as previous versions of Microsoft’s operating system, exploits a 15-year-old vulnerability in Windows that was undiscovered until now.

The attack, dubbed Double Agent, targets Microsoft’s Application Verifier tool, which developers use to detect and fix bugs in software or apps.

The criminals are then able to insert their own malicious code into the Application Verifier tool in order to hijack software, meaning they can then take control of any antivirus software that has been submitted to the tool for verification.

Once they have control, the criminals could then use the hijacked antivirus software to take control of the victim’s computer.

Cybellum says it tested the attack on all versions of Windows from XP onwards and on all major antivirus software.

Security products such as McAfee, Norton, Malwarebytes, Trend Micro, Avast and Kaspersky were all affected.

Cybellum says it has reported its findings to the affected companies, some of which are still trying to issue fixes for the exploit.

Avast has said it has fixed the problem.

“It is important to note that the exploit requires administrator privileges to conduct the attack and once that’s the case, there are numerous other ways to cause damage or modify the underlying operating system itself,” Avast said.

“Therefore, we rate the severity of this issue as ‘low’ and Cybellum’s emphasis on the risk of this exploit to be overstated.”

Cybellum also posted a video on YouTube demonstrating the exploit.
