Nowadays the malware attacks are increasing rapidly, and every user, as well as companies, are trying their best to bypass such unwanted situations.
Since Antivirus softwares are the key to evade such attacks, that’s why every users and company rely upon them to keep themselves safe. Here, the AV software plays a full-time task to stop such malware attacks and keep the users and the companies secure.
But all these software do have a weakness that could be a way for the threat actors to deactivate the protection of the software.
Once the hackers deactivate all the high-security protection they can easily take all the control of the software and can perform the ill-disposed operation as per their plan.
The University of London and the University of Luxembourg have given a brief detail regarding this twin attack. They asserted that currently, they are aiming to bypass the protected folder feature that is being offered by the antivirus programs.
However, these features mainly encrypt the files that are the cut-and-mouse and disable the real-time protection just by replicating the mouse click that is the Ghost Control.
The security researchers affirmed that they are sticking to an ethical code of conduct, as they know all the possible risks that can occur due to these two attacks.
But, the experts have not yet disclosed the software that can be used to exploit the above-mentioned vulnerability.
But they claimed that they have directly conducted all the AV companies, and shared all the details regarding these attacks and all possible methods that will help them to replicate the attacks.
To protect the processes from unauthorized modification, the experts have mentioned the security measures that are provided by the Windows OS, and here they are:-
This attack generally helps the hackers in allowing the ransomware to bypass the detection of anti-ransomware solutions, which are specifically based on protected folders, and later it encrypts the files of the victim.
This attack is the most critical and is not easy to bypass, but the analysts have detected two entry points for the attack, and those two entry points allow the malware to evade this defense system.
Here are the two entry points mentioned below:-
However, using this vulnerability the attackers can bypass the anti-ransomware protection via controlling a trusted application.
The experts have encountered an exceptionally yet very simple utilization of the synthesized mouse incident method, as it enables the threat actors to deactivate nearly half of the consumer AV programs.
Apart from all these things, the threat actors can disable the AV protection by simulating the legal user actions so that they can easily activate the Graphical User Interface (GUI) of the AV program.
As per the analysis report, there are two reasons why Ghost Control is capable of deactivating the shields of several AV programs, and they are:-
In order to collect all the coordinates of the mouse that are present on the screen, the prototype generally uses the GetCursorPos() Application Programming Interface (API).
However, in each simulated mouse click, the prototype sleeps for nearly 500 ms to make sure that the next menu should be easily available for the next GUI.
In controlling the real-time protection of AVs the experts have pronounced two ways that are collecting Coordinates to Disable AV and stopping Real-time Protection.
Out of 29 antivirus solutions that were being detected by the researchers, it was evaluated that 14 of them were found vulnerable to the Ghost Control attack.
While on the other hand, all 29 antivirus programs were tested, and it has been found that each antivirus has a high risk from a Cut-and-Mouse attack.
Moreover, the security analysts have concluded that the security solutions that are being provided to each vendor are to be followed subsequently. Apart from this, the AV companies are still trying their best to successfully implement all the defenses.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205…
The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to safeguard…
The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. …
INTERPOL has called for the term "romance baiting" to replace "pig butchering," a phrase widely…
Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT," which…
A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought…