According to Or Yair, a cybersecurity researcher, numerous prominent anti-virus products, including those from Microsoft, TrendMicro, and Avast, can be turned against the machine they protect and used to wipe data on your PC.
Because these anti-virus products are widely utilised around the world, this is a concerning report.
SafeBreach, a cybersecurity firm, explains how the exploit works in a Proof-of-Concept document named “Aikido,” employing what is known as a time-of-check to time-of-use (TOCTOU) approach.
Aikido is a Japanese martial art in which you use your opponent’s force and movement against them.
How Does It Work?
The weakness, according to the document, can be utilized for a range of cyber-attacks known as “Wipers,” which are frequently used in offensive military circumstances.
In cybersecurity, a wiper is a type of malware that attempts to erase the hard disk of the machine it infects, maliciously destroying data and applications.
The vulnerability redirects the endpoint detection program’s “superpower” to “destroy all files, regardless of their privileges,” according to the presentation deck. The entire procedure covers the creation of a malicious file in “C:\temp\Windows\System32\drivers\ndis.sys”.
The exploit then seizes the file’s handle and instructs the “AV/EDR to postpone the deletion until after the next reboot,” making it more difficult to detect.
Then, before rebooting the machine, it deletes the “C:\temp” directory and establishes a junction “C:\temp -> C:\”.
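As an added defensive example, not code from the SafeBreach research or from any AV vendor, the Python below shows the time-of-use validation that closes this TOCTOU window: every path component below the scope root is checked for a symlink or junction before the delete, and the resolved path is confirmed to still be in scope. It assumes a hypothetical `safe_to_delete` helper and a constructed temp fixture in which a symlink stands in for the NTFS junction (creating it on Windows needs symlink rights).

```python
import os
import tempfile
from pathlib import Path


def is_reparse_point(p: Path) -> bool:
    """True if p is a symlink or an NTFS junction (directory reparse point)."""
    if p.is_symlink():
        return True
    isjunction = getattr(os.path, "isjunction", None)  # Python 3.12+ (Windows only)
    return bool(isjunction and isjunction(p))


def safe_to_delete(target: str, scope_root: str):
    """Time-of-use check for a deferred delete (hypothetical helper, not an AV API).

    Returns (ok, reason). Refuses if any component between scope_root and the
    target is a symlink/junction, or if the resolved target escapes scope_root.
    Run it immediately before the delete, not when the file was first flagged:
    the path that was checked earlier may have been swapped for a junction since.
    """
    root, raw = Path(scope_root), Path(target)
    try:
        rel = raw.relative_to(root)
    except ValueError:
        return False, "target is not under scope_root as written"
    cur = root
    for part in rel.parts:  # walk root/temp, root/temp/Windows, ... one level at a time
        cur = cur / part
        if is_reparse_point(cur):
            return False, f"reparse point in path: {cur}"
    if not raw.exists():
        return False, "target no longer exists"
    try:
        raw.resolve().relative_to(root.resolve())
    except ValueError:
        return False, "resolved target escapes scope_root"
    return True, "ok"


def demo():
    """Constructed fixture mirroring the article: scope root stands in for C:\\,
    and 'temp' is turned into a link back to that root after the AV's check."""
    base = Path(tempfile.mkdtemp())
    (base / "Windows").mkdir()
    (base / "Windows" / "secret.txt").write_text("data the wiper wants gone")
    (base / "malware").mkdir()
    (base / "malware" / "dropper.bin").write_bytes(b"constructed sample")
    (base / "temp").symlink_to(base, target_is_directory=True)  # the junction
    legit = safe_to_delete(str(base / "malware" / "dropper.bin"), str(base))
    attack = safe_to_delete(str(base / "temp" / "Windows" / "secret.txt"), str(base))
    return legit, attack
```

Note that the junction points back inside the scope root, so a containment check on the resolved path alone would pass; the per-component reparse-point walk is what refuses the swapped path.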
Antivirus Software Affected
According to the Aikido research, only a few of the most well-known antivirus brands were affected.
The researcher created a PowerPoint deck that included instances of susceptible products such as Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus.
Some products are still safe, including Palo Alto XDR, Cylance, CrowdStrike, McAfee, and BitDefender.