When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.

#trellix #EN #2024 #research #Avast #Anti-Rootkit #driver #malware #aswArPot.sys #analysis

·trellix.com·Nov 27, 2024

When Guardians Become Predators: How Malware Corrupts the Protectors

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

#bleepingcomputer #EN #2024 #Your #Lazarus #Own #BYOVD #Driver #Zero-Day #Vulnerability #Bring #CVE-2024-38193 #Group #Microsoft

·bleepingcomputer.com·Aug 20, 2024

Windows driver zero-day exploited by Lazarus hackers to install rootkit