A malware campaign has been discovered that abuses a vulnerable Avast Anti-Rootkit driver. Because the driver is legitimately signed, the malware can load it, then use the kernel-level access it provides to terminate security processes and take control of the system. Security products from multiple vendors were affected. This is a BYOVD (Bring Your Own Vulnerable Driver) attack: the driver is not malicious or tampered with, it is a genuine signed driver with an exploitable flaw, which is why it passes signature checks and evades detection. Organizations were advised to put protections against BYOVD tactics in place, such as driver blocklisting, and indicators of compromise were published to help identify the driver and the loader. The campaign highlights that a flawed driver shipped by a security vendor can itself become the kernel-level threat.
Source: https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html
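The following PowerShell script is an added example, not code from the article or from Avast, of the kind of host check a defender would run against the BYOVD tactic described above: it reports whether Microsoft's vulnerable driver blocklist and HVCI are enforced, then enumerates every loaded kernel driver, hashes it, and flags drivers whose SHA-256 appears in an IOC list or whose Authenticode signer is not Microsoft. It assumes Windows 10/11 with PowerShell 5.1 or later, run from an elevated prompt. The IOC hash list is left empty as a placeholder to be filled from the published indicators; no driver names or hashes are invented here.

```powershell
# Added example (not from the original article): BYOVD exposure check for a Windows host.
# Assumptions: Windows 10/11, PowerShell 5.1+, elevated prompt.
# $KnownBadHashes is a placeholder; populate it from the published IOC list.

$KnownBadHashes = @(
    # 'SHA256 of a driver from the published IOC list'
)

function Get-VulnerableDriverBlocklistStatus {
    # Microsoft's vulnerable driver blocklist is controlled by this DWORD (1 = enforced).
    # A missing value or 0 means known-bad drivers can still be loaded.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable `
            -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    [pscustomobject]@{
        BlocklistEnabled = ($val -eq 1)
        RawValue         = $val
    }
}

function Get-HvciStatus {
    # Win32_DeviceGuard.SecurityServicesRunning contains 2 when HVCI (memory integrity)
    # is active, which is what makes blocklist enforcement effective at driver load time.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
}

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes: "\??\C:\...",
    # "\SystemRoot\System32\drivers\x.sys", or a bare "System32\drivers\x.sys".
    param([string]$RawPath)
    $p = $RawPath -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspectKernelDrivers {
    param([string[]]$BadHashes = $KnownBadHashes)
    # Get-FileHash returns upper-case hex; normalise the IOC list the same way.
    $bad = @($BadHashes | ForEach-Object { $_.ToUpperInvariant() })

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            # A hash match is a hit. A valid non-Microsoft signature is only "review":
            # BYOVD relies on exactly such drivers, legitimately signed but exploitable,
            # so the signature alone proves nothing about safety.
            $verdict =
                if ($bad -contains $hash)                 { 'MATCH-IOC' }
                elseif ($sig.Status -ne 'Valid')          { 'INVALID-SIGNATURE' }
                elseif ($signer -notmatch 'O=Microsoft')  { 'THIRD-PARTY-REVIEW' }
                else                                      { 'OK' }
            [pscustomobject]@{
                Name    = $_.Name
                Path    = $path
                SHA256  = $hash
                Signer  = $signer
                Verdict = $verdict
            }
        } |
        Where-Object { $_.Verdict -ne 'OK' }
}

# Usage (elevated prompt):
Get-VulnerableDriverBlocklistStatus
"HVCI running: $(Get-HvciStatus)"
Get-SuspectKernelDrivers | Format-Table -AutoSize
```

The blocklist and HVCI checks answer "could this driver have been loaded here at all"; the driver enumeration answers "is it loaded now". Treat THIRD-PARTY-REVIEW entries as a triage list rather than alerts: most will be legitimate hardware or security drivers, which is precisely why a hash-based IOC match or a blocklist is needed to distinguish the exploitable ones.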
"id": "ava000112624",
"linkid": "avast",
"type": "Vulnerability",
"date": "11/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"