Cybellum’s researchers find a technique which can turn your AV against you

If you have data on your computer that is important, you need to watch the video mentioned below. It could stave off a ransomware attack.

Security researchers from Cybellum have discovered a zero-day attack technique that hackers use to take control of your computer. The 0-day attack is called DoubleAgent.

Developers typically use Microsoft’s Application Verifier tool to detect and fix bugs in their applications. To do so they load a DLL into their apps, and as Cybellum’s researchers found out, this process is being exploited by hackers to inject their own DLLs into apps instead of the one supplied by Microsoft.

Cybellum’s researchers have proven that the technique can even be used to hijack anti-viruses and turn them into zombie malware. Once infected, the corrupted apps can then be used to take control of the operating system, on versions ranging from Windows XP to the latest version of Windows 10.
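
A defender's check for the mechanism described above, as an added example that is not from Cybellum or the original post: Application Verifier provider DLLs are registered per executable under the Image File Execution Options registry key (a `VerifierDlls` value, switched on by the `0x100` bit of `GlobalFlag`), so an audit can list every image that has one. The sample `reg query` output, the image and DLL names in it, and the `expected_images` allowlist parameter are constructed for illustration.

```python
import re

# Per-image registry location where Application Verifier providers are registered.
IFEO_MARKER = "\\image file execution options\\"
FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query "<IFEO key>" /s` output; every name is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avservice.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    unknown_provider.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\buildtest.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    example_a.dll example_b.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    DisableHeapLookaside    REG_SZ    1
"""


def find_verifier_registrations(reg_output, expected_images=()):
    """Return one finding per image with a VerifierDlls value, minus the allowlist."""
    expected = {name.lower() for name in expected_images}
    per_image = {}  # image name -> {lowercased value name: data}
    current = None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            pos = line.lower().find(IFEO_MARKER)
            rest = line[pos + len(IFEO_MARKER):] if pos != -1 else ""
            # Only direct children of the IFEO key name an executable image.
            current = rest if rest and "\\" not in rest else None
            continue
        match = VALUE_LINE.match(line)
        if match and current:
            per_image.setdefault(current, {})[match.group(1).lower()] = match.group(3).strip()

    findings = []
    for image, values in per_image.items():
        if "verifierdlls" not in values or image.lower() in expected:
            continue
        try:
            flags = int(values.get("globalflag", "0"), 16)
        except ValueError:
            flags = 0  # unreadable GlobalFlag: still report the registration
        findings.append({"image": image, "dlls": values["verifierdlls"].split(),
                         "verifier_enabled": bool(flags & FLG_APPLICATION_VERIFIER)})
    return findings
```

On production endpoints the expected result is an empty list; any registration against a security product's process is worth investigating.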

Three months ago, Cybellum’s researchers notified the following companies that their anti-virus apps are vulnerable to this technique. The affected anti-virus companies include:

  • Panda
  • Eset
  • BitDefender
  • Kaspersky
  • Trend Micro (CVE-2017-5565)
  • Avira (CVE-2017-6417)
  • McAfee
  • Norton
  • Avast (CVE-2017-5567)
  • Malwarebytes
  • F-Secure
  • Comodo
  • AVG (CVE-2017-5566)
  • Quick Heal

While Malwarebytes and AVG have stated that they have issued a patch, Trend Micro said it will soon release a patch. If you use these three apps, you may want to update them as soon as possible.

The technique discovered by Cybellum’s researchers will not only work on all anti-viruses but on core Windows apps as well. It can work with just about any application.

To get a better grip on what DoubleAgent can do, watch this video. You don’t want your antivirus to turn into ransomware that encrypts your data until you pay, do you?

