
DoubleAgent Attack Turns Anti-Virus Against System to Hijack PC

Cybellum security researchers have uncovered a new attack mechanism that can be used to hijack a PC by injecting malicious code via the very thing people believe is protecting their system: the anti-virus software. Unlike typical malware, which tries to hide itself, the new attack, called DoubleAgent, targets the anti-virus software and takes control of it.

This attack is made possible by a 15-year-old Windows feature called Microsoft Application Verifier. Every time an application is launched, the Microsoft Application Verifier has to verify it. The DoubleAgent attack injects a custom verifier into any application and takes place extremely early in the victim’s boot process. It affects all versions of Microsoft’s Windows operating system. The fix has to come from the anti-virus vendors themselves, but so far only Malwarebytes and AVG have issued a patch for their anti-virus software. Avast has issued a statement through FossBytes saying that their anti-virus was already patched against DoubleAgent earlier this year.

“We were alerted by Cybellum last year through our Bug Bounty program to a potential self-defense bypass exploit. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack which is difficult for hackers to achieve. Therefore, in this context, we consider the likelihood of such an attack to be low and Cybellum’s emphasis on the risk of this exploit to be overstated.”

The affected vendors are:

  • Avast
  • AVG
  • Avira
  • Bitdefender
  • Trend Micro
  • Comodo
  • ESET
  • F-Secure
  • Kaspersky
  • Malwarebytes
  • McAfee
  • Panda
  • Quick Heal
  • Norton
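
For checking a host, the sketch below (an added example, not code from the article or from Cybellum) lists every executable that has an Application Verifier provider DLL registered for it, working from the text output of `reg query ... /s`. The article does not name the registry location; the example assumes the standard Windows one, the `VerifierDlls` and `GlobalFlag` values under `Image File Execution Options\<image name>`, and the sample input, `ExampleAvService.exe` and `example_provider.dll` are constructed.

```python
import re

# Constructed sample of `reg query "<IFEO key>" /s` output; not from a real host.
# ExampleAvService.exe and example_provider.dll are made-up names.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    vrfcore.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExampleAvService.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    example_provider.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
    MitigationOptions    REG_BINARY    0100
"""

IFEO = "image file execution options\\"
FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on

def parse_reg_query(text):
    """Return {image name: {value name: data}} for each IFEO subkey in the output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            _, sep, image = line.strip().lower().rpartition(IFEO)
            current = keys.setdefault(image.split("\\")[0], {}) if sep and image else None
        elif current is not None and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:  # value name, registry type, data
                current[parts[0].lower()] = parts[2]
    return keys

def audit(text, expected_targets=()):
    """List every image that has a verifier provider DLL registered for it."""
    expected = {t.lower() for t in expected_targets}
    findings = []
    for image, values in sorted(parse_reg_query(text).items()):
        dlls = values.get("verifierdlls")
        if dlls:
            flag = int(values.get("globalflag", "0"), 16)
            findings.append({
                "image": image,
                "verifier_dlls": dlls,
                "verifier_enabled": bool(flag & FLG_APPLICATION_VERIFIER),
                "expected": image in expected,  # e.g. a developer's own test target
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, expected_targets={"notepad.exe"}):
        print(f)
```

On a machine that is not used for Application Verifier testing, any entry with `expected` set to false deserves a look, especially one that names a security product's process.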

Cybellum has published videos on their YouTube channel demonstrating the DoubleAgent attack on various popular anti-virus programs.

Ron Perillo
