DoubleAgent attack can use anti-virus apps to hijack your PC
The zero-day attack exploits Microsoft’s Application Verifier tool.
Security researchers from Cybellum have uncovered another technique internet criminals can use to take over your PC. The zero-day attack, called DoubleAgent, exploits Microsoft’s Application Verifier tool, which developers use to discover and fix bugs in their applications. Developers have to load a DLL into their applications to check them, and Cybellum’s researchers found that hackers can use the tool to inject their own DLLs instead of the one Microsoft provides. In fact, the team proved that the technique can be used to hijack anti-virus applications and turn them into malware. The corrupted software can then be used to take control of computer systems running any version of Windows from XP to the latest release of Windows 10.
The experts notified these companies 90 days ago that their anti-virus programs are susceptible to the approach:
- Avast (CVE-2017-5567)
- AVG (CVE-2017-5566)
- Avira (CVE-2017-6417)
- Bitdefender (CVE-2017-6186)
- Trend Micro (CVE-2017-5565)
- Quick Heal
They’ve been working with some of them since, but so far only Malwarebytes and AVG have issued a patch. Trend Micro plans to release one soon as well. If you use any of the three apps, you may want to update as soon as you can. Note that Cybellum focused its efforts only on anti-virus programs, but the technique could work with any application, even the Windows OS itself.
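Because the technique is not limited to anti-virus products, a defender can audit every executable for a registered verifier DLL. The Python below is an added example, not code from the article or from Cybellum: it relies on the fact that Application Verifier providers are registered per executable in a `VerifierDlls` value under the Image File Execution Options registry key (enabled by `GlobalFlag` bit 0x100), parses `reg export` text, and lists each image whose provider DLL is not on a caller-supplied approved list. The sample export and all image and DLL names in it are constructed.

```python
import re

# Constructed sample of `reg export` output; image and DLL names are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"VerifierDlls"="constructed_provider.dll"
"GlobalFlag"=dword:00000100

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devtool.exe]
"VerifierDlls"="approved_provider.dll"
"GlobalFlag"="0x00000100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\dbg.exe"
'''

FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg_export(text):
    """Map each exported key path to {lower-cased value name: raw exported data}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def global_flag(raw):
    """Decode GlobalFlag exported as dword:XXXXXXXX or as a quoted "0x..." string."""
    m = re.fullmatch(r'(?:dword:|"0x)([0-9a-f]{1,8})"?', raw.strip().lower())
    return int(m.group(1), 16) if m else 0

def find_verifier_entries(text, approved=()):
    """Return (image, unapproved_dlls, verifier_enabled) for each IFEO key to review."""
    ok = {d.lower() for d in approved}
    findings = []
    for path, values in parse_reg_export(text).items():
        if "\\image file execution options\\" not in path.lower() or "verifierdlls" not in values:
            continue
        dlls = values["verifierdlls"].strip('"').split()
        unapproved = [d for d in dlls if d.lower() not in ok]
        if unapproved:
            enabled = bool(global_flag(values.get("globalflag", "")) & FLG_APPLICATION_VERIFIER)
            findings.append((path.rsplit("\\", 1)[-1], unapproved, enabled))
    return findings
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text in. With an empty approved list, every image that has any `VerifierDlls` value is reported.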
To better understand what DoubleAgent can do, be sure to watch the demonstration below. It shows how the attack can turn an anti-virus program into ransomware that encrypts documents until you pay up.