A computer security researcher has revealed how hackers had hijacked very popular antivirus software to build a tool capable of irreversibly erasing files.

Although antivirus programs now ship natively with operating systems, they remain essential software for protecting against possible computer attacks. However, they do not guarantee 100% protection and in some cases can even become the weapon hackers use to attack. This was revealed by a computer security researcher who discovered how a security flaw present in certain antivirus products was exploited to compromise certain systems.

Popular antiviruses

It was at the Black Hat Europe conference that Or Yair, a computer security researcher, revealed the results of his research. He discovered that several very popular antivirus products on the market (Windows Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, AVG Antivirus…) contained a “zero day” security flaw (present as soon as the software was put on the market).

This flaw has therefore never been corrected so far, and it allowed antivirus software to be hijacked into irreversibly erasing system files on infected machines.

System files deleted

Yair therefore used this flaw in antivirus software to create what is called a “wiper”, i.e. software capable of making it impossible to recover data deleted by the user from the infected machine.

What makes the trick particularly effective is that permanently erasing certain files is normal behavior for antivirus software. It is therefore difficult for the system to detect the maneuver.

Stay up to date

According to Or Yair, all of the affected antivirus products have now received patches that close this flaw. But the researcher has shown that hackers can sometimes use quite unexpected methods to carry out their attacks. Wipers are not new: they are malware widely used in large-scale cyberattacks.

If you use one of the products mentioned above, make sure it is up to date in order to avoid a potential infection.

