Old Driver, New Threat: Avast Anti-Rootkit Exploit Leaves Security in the Dust!
A new malicious campaign uses an old Avast Anti-Rootkit driver to evade detection, disable security, and wreak havoc. The malware, aptly named kill-floor.exe, drops the driver like it’s hot and targets 142 security processes with precision. It’s like a ninja in your system, and your antivirus just got blindsided.

Hot Take:
Who knew that the ‘Bring-Your-Own-Vulnerable-Driver’ party was still in full swing? Avast’s anti-rootkit driver just showed us that even software relics can have a killer comeback… quite literally. It seems like the malware scene is keeping the nostalgia alive, bringing out the oldies but goodies to wreak havoc. Maybe these cybercriminals are just trying to revive the classics?
Key Points:
- New malware campaign uses an old Avast Anti-Rootkit driver to disable security systems.
- The attack employs a BYOVD approach, allowing malware to operate at the kernel level.
- A hardcoded list of 142 security processes is used to identify and terminate active security solutions.
- The technique has been seen before in attacks by AvosLocker and Cuba ransomware.
- Security measures can include signature-based blocking and Microsoft’s vulnerable driver blocklist policy.
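
The pattern in the key points (a driver dropped and loaded, then a run of security processes terminated) can be caught by correlating driver-load and process-termination telemetry per host. The sketch below is an added example, not code from the article or from any vendor; the event tuple layout, process names, paths, window and threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical watch list; the campaign's own 142 process names are not reproduced here.
SECURITY_PROCS = {"edr_agent.exe", "av_service.exe", "av_tray.exe"}
# Directories where Windows kernel drivers are normally installed.
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",
                       "c:\\windows\\system32\\driverstore\\")
WINDOW = timedelta(seconds=120)  # assumed correlation window
MIN_KILLS = 2                    # assumed alert threshold

# Constructed events: (timestamp, host, event type, driver path or process name).
EVENTS = [
    ("2024-01-01T10:00:00", "ws1", "driver_load", "C:\\Users\\Public\\placeholder_driver.sys"),
    ("2024-01-01T10:00:05", "ws1", "process_end", "edr_agent.exe"),
    ("2024-01-01T10:00:06", "ws1", "process_end", "notepad.exe"),
    ("2024-01-01T10:00:07", "ws1", "process_end", "AV_Service.exe"),
    ("2024-01-01T11:00:00", "ws2", "driver_load", "C:\\Windows\\System32\\drivers\\vendor.sys"),
    ("2024-01-01T11:00:03", "ws2", "process_end", "edr_agent.exe"),
    ("2024-01-01T11:00:04", "ws2", "process_end", "av_tray.exe"),
    ("2024-01-01T12:00:00", "ws3", "driver_load", "C:\\Temp\\placeholder_driver.sys"),
    ("2024-01-01T12:00:10", "ws3", "process_end", "av_tray.exe"),
    ("2024-01-01T12:30:00", "ws3", "process_end", "edr_agent.exe"),
]

def find_byovd_kill_chains(events):
    """Alert when a driver loaded from outside the trusted directories is followed,
    on the same host and within WINDOW, by MIN_KILLS or more watched processes ending."""
    parsed = sorted((datetime.fromisoformat(ts), host, kind, value)
                    for ts, host, kind, value in events)
    alerts = []
    for i, (t0, host, kind, path) in enumerate(parsed):
        if kind != "driver_load" or path.lower().startswith(TRUSTED_DRIVER_DIRS):
            continue
        killed = sorted({name.lower() for t, h, k, name in parsed[i + 1:]
                         if k == "process_end" and h == host
                         and t - t0 <= WINDOW and name.lower() in SECURITY_PROCS})
        if len(killed) >= MIN_KILLS:
            alerts.append({"host": host, "driver": path, "killed": killed})
    return alerts

if __name__ == "__main__":
    for alert in find_byovd_kill_chains(EVENTS):
        print(alert)
```

Load path is only one signal, since a legitimately signed driver can be placed anywhere; the vulnerable driver blocklist policy named above remains the preventive control, with correlation like this as the detective backstop.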