Antivirus software can be hijacked to wipe data

  • Home Antivirus software can be hijacked to wipe data
Antivirus software can be hijacked to wipe data

Antivirus software can be hijacked to wipe data

December 15, 2022

Many popular pieces of antivirus software such as Microsoft, SentinelOne, TrendMicro, Avast, and AVG can be exploited for their data deletion capabilities, a top cybersecurity researcher has claimed.

In a Proof-of-Concept document dubbed "Aikido", Or Yair, who works for cybersecurity firm SafeBreach, explained how the exploit works via what is known as a time-of-check to time-of-use (TOCTOU) vulnerability.

Notably, in martial arts, Aikido refers to a Japanese style where the practitioner looks to use the movement and force of the opponent against himself.

The vulnerability can be used to facilitate a variety of cyber-attacks known as "Wipers" according to Yair, which are commonly used in offensive war situations.

In cybersecurity, a wiper is a class of malware aimed at erasing the hard drive of the computer it infects, maliciously deleting data and programs.

According to the slide deck, the exploit redirects the "superpower" of endpoint detection software to "delete any file no matter the privileges".

The complete process outlined involved creating a malicious file in "C:tempWindowsSystem32driversndis.sys".

This is followed by holding its handle and forcing the "AV/EDR to postpone the deletion until after the next reboot".

This is followed by then deleting the "C:temp directory" and "creating a junction in C:temp --> C:", followed by then rebooting the machine. 

Only some of the most popular antivirus brands were impacted, around 50% according to Yair.

According to a slide deck prepared by the researcher, Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus were some of those affected by the vulnerability. 

Luckily for some, products such as Palo Alto, XDR, Cylance, CrowdStrike, McAfee, and BitDefender were unscathed. 

To Make a Request For Further Information

5K

Happy Clients

12,800+

Cups Of Coffee

5K

Finished Projects

72+

Awards
TESTIMONIALS

What Our Clients
Are Saying About Us

Get a
Free Consultation


LATEST ARTICLES

See Our Latest
Blog Posts

Top Cybersecurity Threats Small Businesses Face Today
December 7, 2024

Top Cybersecurity Threats

How to Conduct a Successful Virtual Event
December 6, 2024

How to Conduct a Successf

The Future of E-Learning: Trends to Watch in 2024
December 5, 2024

The Future of E-Learning:

Intuit Mailchimp