
Latest Antivirus Software Bug Lets Hackers Bypass Antivirus & Deactivate Its Protections

Updated: Jun 12, 2021

Why is the malware risk so high?

Internet traffic nowadays is overloaded, since most offices operate on a WFH (Work from Home) basis. Hence, the risk of malware attacks has never been so high, and companies and individuals alike are trying their best to avoid such attacks.

Everyone knows that antivirus software is the most trusted defense against such malware attacks. Its full-time job is to put a halt to these attacks and protect companies and individuals.

These antivirus products come with their fair share of threat actors who can deactivate the antivirus's protection. After disabling all of the high-security protections, the attackers can easily take over the operation of any software remotely from their own devices.

Research regarding malware attacks

The University of Luxembourg and the University of London have briefed on these twin attacks. The researchers said that they are currently working on bypassing the protected-folder feature offered by antivirus products.

Having said that, the first attack, Cut-and-Mouse, encrypts the files in spite of the antivirus, while the second, Ghost Control, disables real-time protection simply by replicating mouse clicks.

Coordinated and Responsible Disclosure

The researchers at the university have affirmed that they are following an ethical code of conduct, as they are aware of all the risks that these attacks could bring about.

The researchers have not yet released the names of the software that can be used to exploit the said vulnerability. However, they have assured that they have directly contacted all the antivirus companies and shared with them all the details regarding the attacks and the ways in which the attacks can be replicated.

Existing measures in Windows

The experts have identified several things to look out for in Windows, and they are as follows:

Cut-and-Mouse

This attack is classified as critical and is difficult to bypass. It allows ransomware to evade detection, specifically targeting protected folders, and then goes on to encrypt the victim's files.

The analysts have identified two entry points for the attack. They are as follows:

  • AVs do not monitor some process messages

  • UIPI (User Interface Privilege Isolation) is unaware of trusted apps.

Ghost Control

A simple yet exceptional use of synthesized mouse events, which the attackers employ to turn off the antivirus program.

As per recent reports, there are two key factors that make Ghost Control capable of turning off the shields of several antivirus programs. They are as follows:

  • Unrestricted access to the scan component

  • AV interface running at Medium IL (integrity level)

Auxiliary Measures Bypassed

  • Passing human verification (CAPTCHA verification)

  • Insecure sandboxing methods
