This Windows security attack can kill your antivirus

Attackers have been observed disabling antivirus and other endpoint security software on Windows machines, giving them a free hand to install whatever malware they want on the compromised hosts.

Researchers at AhnLab documented two such attacks last year. In both, the attackers exploited two vulnerabilities in Sunlogin, remote-control software made by a Chinese company, and used them to deploy a PowerShell script that disables any security products the victims might have installed.

The abused vulnerabilities are tracked as CNVD-2022-10270 and CNVD-2022-03672. Both are remote code execution flaws affecting Sunlogin version 11.0.0.33 and earlier.

Abuse of an anti-cheat driver

To exploit the flaws, the attackers used proof-of-concept code that had already been published. The PowerShell script they deployed decodes an embedded .NET portable executable: a modified build of the open-source Mhyprot2DrvControl tool, which abuses a vulnerable but legitimately signed Windows driver to gain kernel-level privileges.

This specific tool abuses mhyprot2.sys, the anti-cheat driver that ships with Genshin Impact, a role-playing game.

“With a simple bypass, the malware can gain access to the kernel region through mhyprot2.sys,” the researchers said.

“The developer of Mhyprot2DrvControl introduced multiple features that can be used with privilege escalation through mhyprot2.sys. Among them, the threat actor used the feature that allows for force termination of processes to develop malware that shuts down several anti-malware products.”

Once the security processes are terminated, the attackers are free to install whatever malware they wish. In some cases they simply open a reverse shell; in others they install the Sliver post-exploitation framework, the Gh0st RAT backdoor, or the XMRig cryptocurrency miner.

The technique is known as BYOVD, or Bring Your Own Vulnerable Driver: rather than exploiting a bug in the target's own kernel, the attacker loads a legitimately signed third-party driver with a known flaw and uses it as a stepping stone into the kernel. Against these attacks Microsoft recommends enabling its vulnerable driver blocklist, which prevents the system from loading drivers known to be vulnerable. The blocklist is enforced automatically on systems with memory integrity (HVCI) turned on, and it only stops drivers that are already on the list, so it is worth pairing with monitoring for unexpected driver loads.
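The mitigation advice above is the part a defender can act on directly. The PowerShell audit below is an added example written for this page; it is not code from the article, from AhnLab, or from Microsoft. It checks whether memory integrity (HVCI) is running, whether the vulnerable driver blocklist is switched on, and whether any kernel driver service on the host points at a watch-listed driver file such as mhyprot2.sys. The WMI class and registry value names are the ones Microsoft documents for these settings; the contents of $WatchList are an illustrative placeholder, not a verified list of bad drivers.

```powershell
#Requires -RunAsAdministrator
# Added example for this page (not code from the article, AhnLab or Microsoft):
# audit a Windows host for BYOVD exposure. Three checks:
#   1. Is memory integrity (HVCI) running?
#   2. Is the Microsoft vulnerable driver blocklist switched on?
#   3. Does any kernel driver service point at a watch-listed driver file?
# $WatchList is an illustrative placeholder keyed on file name only; an
# attacker can rename the .sys, so the real comparison is the SHA256 printed
# below against Microsoft's published blocklist or another vetted hash list.
# PowerShell hashtable literals are case-insensitive, so no lower-casing needed.

$WatchList = @{
    'mhyprot2.sys' = 'Genshin Impact anti-cheat driver, abused for process termination'
}

function Get-HvciState {
    # Win32_DeviceGuard reports running security services as a list of codes;
    # 2 means HVCI (memory integrity) is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        HvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
        VbsStatus   = $dg.VirtualizationBasedSecurityStatus   # 2 = VBS running
    }
}

function Get-BlocklistState {
    # Registry switch Microsoft documents for the vulnerable driver blocklist.
    # The value is absent on builds that never exposed it; treat that as off.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $item = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' `
                             -ErrorAction SilentlyContinue
    $val  = if ($item) { $item.VulnerableDriverBlocklistEnable } else { $null }
    [pscustomobject]@{
        Enabled  = ($val -eq 1)
        RawValue = $val
    }
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths come in several spellings; normalise to a full path.
    $p = $PathName -replace '^\\\?\?\\', ''                      # \??\C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot             # \SystemRoot\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"   # system32\drivers\...
    return $p
}

function Find-WatchListedDrivers {
    # Enumerate every kernel driver service, running or stopped: a BYOVD tool
    # drops the .sys file and registers a service for it, and that service
    # often outlives the attack.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        if (-not $_.PathName) { return }                          # no image path; skip
        $path = Resolve-DriverPath $_.PathName
        $name = [IO.Path]::GetFileName($path)
        if (-not $WatchList.ContainsKey($name)) { return }
        $hash = if (Test-Path -LiteralPath $path) {
            (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
        } else { 'file missing on disk' }
        [pscustomobject]@{
            Service = $_.Name
            State   = $_.State
            Path    = $path
            Sha256  = $hash
            Note    = $WatchList[$name]
        }
    }
}

# Run the audit and print a short report.
$hvci = Get-HvciState
$bl   = Get-BlocklistState
Write-Host ("HVCI running: {0}    Vulnerable driver blocklist enabled: {1}" -f $hvci.HvciRunning, $bl.Enabled)
if (-not $hvci.HvciRunning -and -not $bl.Enabled) {
    Write-Warning 'Neither HVCI nor the driver blocklist is active; known-bad drivers will load.'
}
$hits = @(Find-WatchListedDrivers)
if ($hits.Count -eq 0) {
    Write-Host 'No watch-listed driver services found.'
} else {
    $hits | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt. A file-name watch list only catches lazy attackers; the printed SHA256 is what you compare against a vetted hash list, and a driver that was loaded and then deleted leaves no service to find, which is why Sysmon's driver-load event (Event ID 6, which records the image hash and signer) is the complementary telemetry to collect.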

Via: BleepingComputer
