In a concerning development for cybersecurity, researchers have identified a new campaign that leverages a legitimate Avast Anti-Rootkit driver to disable antivirus protections. This sophisticated tactic allows malware to infiltrate systems undetected, raising alarms among security experts.
Exploitation of Vulnerabilities
The vulnerabilities in the Avast driver have been exploited in various attacks since 2021, with roots tracing back to at least 2016. According to findings from Trellix, the malware is capable of terminating security software processes at the kernel level, effectively rendering antivirus defenses useless.
Notably, this method of attack, known as Bring Your Own Vulnerable Driver (BYOVD), has a troubling history. BleepingComputer highlights that this is not the first instance of an Avast driver being targeted; the 2021 AvosLocker ransomware attacks also took advantage of the same Anti-Rootkit driver. Additionally, SentinelLabs reported two significant vulnerabilities to Avast in 2021, which were promptly addressed through patches.
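As an added example (not code from the article or from Trellix or BleepingComputer), the defender-side check this technique calls for: because the abused driver carries a valid vendor signature, signature validation alone will not flag it, so the correlation below keys on context instead, an out-of-place vendor-signed driver load followed by a burst of security-process terminations. It assumes Sysmon-style DriverLoad (Event ID 6) and ProcessTerminate (Event ID 5) records; the vendor install prefix, the process watchlist and every driver file name are assumed placeholders, and the event stream is constructed.

```python
from typing import Dict, List

# Expected install prefixes per signer (assumed values; tune for your estate).
VENDOR_PREFIXES = {"avast": ["c:\\program files\\avast software\\"]}

# Security-product processes whose termination is suspicious (assumed list;
# msmpeng.exe is Microsoft Defender's engine, the other name is a placeholder).
SECURITY_PROCS = {"msmpeng.exe", "vendor_b_agent_placeholder.exe"}


def is_out_of_place(signer: str, image: str) -> bool:
    """True when a driver carries a known vendor signature but was loaded
    from outside that vendor's normal install directory."""
    s, p = signer.lower(), image.lower()
    for vendor, prefixes in VENDOR_PREFIXES.items():
        if vendor in s:
            return not any(p.startswith(pre) for pre in prefixes)
    return False


def find_byovd_candidates(events: List[Dict], window: int = 60, threshold: int = 2) -> List[Dict]:
    """One alert per out-of-place driver load (EID 6) that is followed within
    `window` seconds by at least `threshold` terminations (EID 5) of
    watchlisted security processes."""
    loads = [e for e in events if e["eid"] == 6 and is_out_of_place(e["signer"], e["image"])]
    kills = [e for e in events
             if e["eid"] == 5 and e["image"].rsplit("\\", 1)[-1].lower() in SECURITY_PROCS]
    alerts = []
    for ld in loads:
        hit = [k["image"] for k in kills if ld["t"] <= k["t"] <= ld["t"] + window]
        if len(hit) >= threshold:
            alerts.append({"driver": ld["image"], "t": ld["t"], "killed": hit})
    return alerts


# Constructed sample stream (not real telemetry); t is seconds since boot.
SAMPLE_EVENTS = [
    {"t": 10, "eid": 6, "signer": "Avast Software s.r.o.",
     "image": "C:\\Program Files\\Avast Software\\Avast\\legit_placeholder.sys"},
    {"t": 500, "eid": 6, "signer": "Avast Software s.r.o.",
     "image": "C:\\Users\\Public\\antirootkit_placeholder.sys"},  # dropped copy
    {"t": 503, "eid": 5, "image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\MsMpEng.exe"},
    {"t": 504, "eid": 5, "image": "C:\\Program Files\\VendorB\\vendor_b_agent_placeholder.exe"},
    {"t": 900, "eid": 5, "image": "C:\\Windows\\System32\\notepad.exe"},  # benign noise
]

if __name__ == "__main__":
    for alert in find_byovd_candidates(SAMPLE_EVENTS):
        print(alert)
```

The benign load from the vendor's own directory at t=10 is not reported; only the copy loaded from a user-writable path and followed by two security-process terminations produces an alert.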
As the cybersecurity landscape continues to evolve, the implications of such vulnerabilities are profound, affecting not only Avast but also other security solutions like Microsoft Defender, BlackBerry, and Sophos. The ability of malware to exploit trusted drivers underscores the need for vigilant security practices and robust software updates.