AvosLocker ransomware disables antivirus software without being detected

It was recently reported that AvosLocker ransomware is able to disable antivirus software and avoid being detected.

Indeed, this new ransomware is capable of bypassing security features as well as scanning for vulnerable Log4Shell endpoints so as to transfer the callback servers to the command-and-control server. It is thus the first malware that can disable defense software by using a legitimate Avast Anti-Rootkit Driver file.

The attackers seemingly gained access through a PowerShell script and then proceeded to disable the security products by leveraging the legitimate Avast Anti-Rootkit Driver. After logging in, the malware continued to disable security products and features.

Hence, this shows that cyber-attacks are growing not only as a threat but also in sophistication. Businesses therefore have a hard time keeping up with updates and remain very vulnerable to cyber threats, especially when coming back from the lockdown.

 
