Microsoft’s Application Verifier tool can be used by attackers to grab control of antivirus software, researchers say.
Security researchers have discovered a new attack called DoubleAgent that uses a Windows bug-fixing tool to turn antivirus into malware.
The DoubleAgent attack is detailed by Israel-based security firm Cybellum, which claims to have confirmed it can compromise products by Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, Quick Heal, and Norton. The company says other antivirus products are also likely to be vulnerable.
The attack relies on Microsoft Application Verifier, a runtime verification tool used to discover bugs and improve the security of third-party Windows applications. The tool ships with Windows XP through to Windows 10.
Source: Windows 10: DoubleAgent zero-day hijacks Microsoft tool to turn antivirus into malware | ZDNet
