
Antivirus software can be hijacked to wipe data

By Will McCurdy (wmccurdyjournalism@gmail.com), December 13, 2022


Many popular pieces of antivirus software such as Microsoft, SentinelOne, TrendMicro, Avast, and AVG can be exploited for their data deletion capabilities, a top cybersecurity researcher has claimed.

In a proof-of-concept document dubbed “Aikido”, Or Yair, who works for cybersecurity firm SafeBreach, explained how the exploit works through what is known as a time-of-check to time-of-use (TOCTOU) vulnerability.

Notably, in martial arts, Aikido refers to a Japanese style where the practitioner looks to use the movement and force of the opponent against himself.

How does it work?

The vulnerability can be used to facilitate a variety of cyber-attacks known as “wipers”, according to Yair, which are commonly used in offensive war situations.

In cybersecurity, a wiper is a class of malware aimed at erasing the hard drive of the computer it infects, maliciously deleting data and programs.

According to the slide deck, the exploit redirects the “superpower” of endpoint detection software to “delete any file regardless of the privileges”.

The whole process outlined involved creating a malicious file in “C:\temp\Windows\System32\drivers\ndis.sys”.

This is followed by holding its handle and forcing the “AV/EDR to postpone the deletion until after the next reboot”.

This is followed by deleting the “C:\temp directory” and “creating a junction in C:\temp –> C:\”, and then rebooting the machine.
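The defensive lesson of the steps above, as an added example that is not from the article, SafeBreach's proof of concept, or any vendor's code: a deferred delete must re-validate its target at time of use. POSIX symlinks in a temporary sandbox stand in for the NTFS junction, and all function names are hypothetical.

```python
import os, shutil, tempfile

REL = "temp/Windows/System32/drivers/ndis.sys"  # decoy path from the article, POSIX form

def record_detection(root, rel):
    """Time of check: queue the flagged file by path plus its (device, inode) identity."""
    st = os.lstat(os.path.join(root, rel))
    return {"root": root, "rel": rel, "id": (st.st_dev, st.st_ino)}

def naive_deferred_delete(entry):
    """Weak pattern: re-resolves the stored path string, following any link placed since."""
    os.remove(os.path.join(entry["root"], entry["rel"]))
    return True

def safe_deferred_delete(entry):
    """Time of use: walk each component without following links, then compare identity."""
    fd = os.open(entry["root"], os.O_RDONLY | os.O_DIRECTORY)
    try:
        *dirs, name = entry["rel"].split("/")
        for d in dirs:
            nxt = os.open(d, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nxt
        st = os.stat(name, dir_fd=fd, follow_symlinks=False)
        if (st.st_dev, st.st_ino) != entry["id"]:
            return False          # a different file now sits at that name
        os.unlink(name, dir_fd=fd)
        return True
    except OSError:
        return False              # a component is now a link or is missing: refuse
    finally:
        os.close(fd)

def run_scenario(delete_fn):
    """Constructed sandbox; root stands in for the C: drive. Returns (deleted, protected file survived)."""
    root = tempfile.mkdtemp()
    try:
        protected = os.path.join(root, "Windows/System32/drivers/ndis.sys")
        for p in (protected, os.path.join(root, REL)):
            os.makedirs(os.path.dirname(p))
            open(p, "w").close()
        entry = record_detection(root, REL)           # file flagged, deletion postponed
        shutil.rmtree(os.path.join(root, "temp"))     # directory removed before the deferred delete
        os.symlink(root, os.path.join(root, "temp"))  # stand-in junction: old path now maps to root
        return delete_fn(entry), os.path.exists(protected)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(run_scenario(naive_deferred_delete), run_scenario(safe_deferred_delete))
```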

Only some of the most popular antivirus brands were impacted, around 50% according to Yair.

According to a slide deck prepared by the researcher, Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus were some of those affected by the vulnerability.

Luckily for some, products such as Palo Alto, XDR, Cylance, CrowdStrike, McAfee, and BitDefender were unscathed.
