Skip to main content
  1. Home
  2. Computing
  3. News

New exploit uses antivirus software to help spread malware

Add as a preferred source on Google

One of the most basic rules of safe web browsing is to use antivirus software in order to keep your computer safe. While it’s a good idea to make use of such software, but a recently discovered exploit proves that even the best antivirus software is not fool proof.

Nicknamed AVGater by Austria-based security consultant Florian Bogner, the exploit takes advantage of the “restore from quarantine” function found on many antivirus programs. The concept behind the exploit is fairly simple one. It allows a user to move a piece of malware from the quarantined folder to somewhere else on the victim’s computer, allowing the malware to be executed.

Recommended Videos

Bogner uploaded a video that provides more information on how the exploit works.

Under normal circumstances, the restore from quarantine function would not allow a non-administrator to write a file to the computer’s C:\Program Files or C:\Windows folders, but this attack takes advantage of Windows’ NTFS function to grant the user access to these folders.

As impressive as this all sounds, there is one major flaw which will drastically limit the scope of this exploit. In order to do any of this, the hacker in question must physically be at the computer they wish to infect. Given that most malware is spread via the internet, it is unlikely that this exploit will cause major problems.

Enterprise computers could be the devices most at risk to this sort of attack. While we don’t see it being a widespread problem, it’s feasible that a disgruntled employee could decide to get a little revenge, though such cases are rather limited in nature; most people won’t risk their jobs or prison for such a stunt. That being said, Bogner offered a simple fix to this problem by simply disabling the remove from quarantine feature on enterprise computers.

In terms of antivirus programs, Bogner has notified the vendors of the various software which contain this flaw and many have already rolled out patches to fix this issue.

Exploits such as this are found from time-to-time, but that shouldn’t dissuade users from installing antivirus software as it remains one of the best, though not unquestioned, ways to keep a computer safe from malware and other issues.

Eric Brackett
Former Digital Trends Contributor
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more
Claude Fable 5 is leaving subscriptions, but maybe not for good
High demand is pushing Claude Fable 5 out of subscriptions for now
Claude Fable 5 and Claude Mythos 5 Official Render

Anthropic’s most advanced publicly available Claude model is still leaving standard subscription access after July 7, but the company is now trying to calm fears that the move is permanent.

Fable 5 recently returned to Claude after drawing scrutiny from the U.S. government. Anthropic said it would be included on Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits through July 7. After that date, the model is set to move to usage-credit billing, meaning users will pay for access outside their regular plan limits.

Read more