Old Driver, New Threat: Avast Anti-Rootkit Exploit Leaves Security in the Dust!

A new malicious campaign uses an old Avast Anti-Rootkit driver to evade detection, disable security, and wreak havoc. The malware, aptly named kill-floor.exe, drops the driver like it’s hot and targets 142 security processes with precision. It’s like a ninja in your system, and your antivirus just got blindsided.


Hot Take:

Who knew that the ‘Bring-Your-Own-Vulnerable-Driver’ party was still in full swing? Avast’s anti-rootkit driver just showed us that even software relics can have a killer comeback… quite literally. It seems like the malware scene is keeping the nostalgia alive, bringing out the oldies but goodies to wreak havoc. Maybe these cybercriminals are just trying to revive the classics?

Key Points:

  • New malware campaign uses an old Avast Anti-Rootkit driver to disable security systems.
  • The attack employs a Bring-Your-Own-Vulnerable-Driver (BYOVD) approach: the legitimately signed but vulnerable driver is loaded so the malware can operate at the kernel level.
  • A hardcoded list of 142 security processes is used to identify and terminate active security solutions.
  • The technique has been seen before in attacks by AvosLocker and Cuba ransomware.
  • Security measures can include signature-based blocking and Microsoft’s vulnerable driver blocklist policy.
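To make the last key point concrete, here is an added defender-side audit script (my example, not code from the article or from any vendor): it reports whether Microsoft's vulnerable driver blocklist policy is enabled on the host and lists running kernel drivers that were loaded from outside the standard driver directories, together with their Authenticode signer, which is the kind of driver a BYOVD dropper typically stages in a user-writable path. The registry value `VulnerableDriverBlocklistEnable` under the `CI\Config` key is the documented switch for that policy; the path-based filter is a heuristic I chose for this example, not a rule from the page.

```powershell
# Added example: audit BYOVD exposure on a Windows host (run in an elevated PowerShell session).
# 1. Is Microsoft's vulnerable driver blocklist enabled?
$ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$blocklist = (Get-ItemProperty -Path $ciKey -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
if ($blocklist -eq 1) {
    Write-Output 'Vulnerable driver blocklist: ENABLED'
} else {
    Write-Output "Vulnerable driver blocklist: NOT enabled (value: '$blocklist')"
}

# 2. Running kernel drivers loaded from outside the usual driver directories.
#    Heuristic chosen for this example: anything not under System32\drivers or the DriverStore is worth a look.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $_.State -eq 'Running' -and $_.PathName -and
    $_.PathName -notlike '*\Windows\System32\drivers\*' -and
    $_.PathName -notlike '*\Windows\System32\DriverStore\*'
}

foreach ($d in $drivers) {
    # Normalise NT-style paths (\??\C:\... and \SystemRoot\...) to Win32 paths for the signature check.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name     = $d.Name
        Path     = $path
        SigStatus = $sig.Status
        Signer   = $sig.SignerCertificate.Subject
        NotAfter = $sig.SignerCertificate.NotAfter
    }
}
```

A valid signature is not a clean bill of health: the whole point of BYOVD is that the driver is legitimately signed. The useful signals are the load path, a signer certificate that expired years ago, and whether the blocklist policy (or HVCI/WDAC, which enforce it) is actually turned on.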

The Nimble Nerd