March 24, 2017

DoubleAgent Attack Turns Your Antivirus Into Malware And Hijacks Your PC

Do you have an antivirus on your PC or laptop? Generally, antivirus is used to prevent, detect and remove malicious software, and it is the best way to guard your data from different viruses. Attackers are now targeting the antivirus itself, turning it into malware so that they can access and misuse your data.

Your antivirus software might come with some annoyances, like slowing your computer down or popping up so many alerts that you can't tell when something is actually wrong. But researchers have discovered a more sinister downside: a well-intentioned debugging tool found in many versions of Microsoft Windows can be used maliciously to gain access to vulnerable antivirus programs and weaponize them.


“Cybellum security researchers have uncovered a new attack mechanism that can be used to take control of your antivirus and turn it into a malware. Called DoubleAgent, this attack exploits an old and undocumented vulnerability in Windows operating system. This Zero Day code injection technique affects all major antivirus vendors and has the power to hijack permissions.”

In the field of counterintelligence, a Double Agent (also a double secret agent) is an employee of a secret intelligence service, whose primary purpose is to spy on a different target organization, but who, in fact, is a member of the target organization. Double agentry may be practiced by spies of the target organization who infiltrate the controlling organization or may result from the turning (switching sides) of previously loyal agents of the controlling organization by the target.

The Cybellum security researchers have found a new technique that cybercriminals can use to hijack your PC by injecting malicious program code. This new zero-day attack can be used to take full control over all the main antivirus software. Instead of hiding from the antivirus, this attack takes control of the antivirus itself.

The List Of Affected Vendors:





Trend Micro








Quick Heal


How Does DoubleAgent Attack Work?

Some of you might know about Microsoft Application Verifier. It's a Windows tool that comes loaded with all versions of Microsoft Windows and is designed to detect and fix minor problems and critical security flaws. Whenever an application tries to run, Application Verifier verifies it. DoubleAgent exploits an old Microsoft Application Verifier vulnerability to inject malicious code into antivirus or antimalware software, turning it into a malicious agent.

It affects all versions of Microsoft Windows. The DoubleAgent attack is extremely dangerous, as it can be used to hijack and abuse any security product. By exploiting the DoubleAgent mechanism, an attacker can disable the antivirus, make it not respond to certain types of malware, use the antivirus solution as a proxy for attacks on the local network, encrypt your files, cause a denial of service or even format your hard drives.

Wired Security

Cybellum researchers uncovered an undocumented ability that allows an attacker to inject a custom verifier into any application. By doing this, the attacker can obtain complete control of the computer. The attack gives an attacker the ability to inject any DLL into any process. The injection takes place extremely early during the victim process's boot.

DoubleAgent can even continue injecting code after reboots, which makes it an ideal persistence method. Even if the target completely uninstalls and reinstalls the program, the attacker's DLL would still be injected when the process runs. As an attack vector against antivirus software, DoubleAgent is able to turn an antivirus into malware, modify the internal behavior of an antivirus, abuse the trusted nature of an antivirus, destroy the machine, or cause a denial of service.
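To check a machine for the persistence described above, a defender can audit which executables have a verifier DLL registered. The following is an added example, not code from the article or from Cybellum. It assumes the standard Windows location for per-executable debugging settings (the `Image File Execution Options` registry key and its `VerifierDlls` and `GlobalFlag` values, none of which are named in the article) and parses the text output of `reg query "<that key>" /s`. The image and DLL names in the sample are constructed.

```python
import re

IFEO = r"\Image File Execution Options" + "\\"
FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that switches Application Verifier on

# Constructed sample of `reg query "<IFEO key>" /s` output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avservice.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    helper_x64.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\testapp.exe
    GlobalFlag    REG_SZ    0x00000002

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\legacy.exe
    VerifierDlls    REG_SZ    vrfcore.dll
"""

def parse_reg_query(text):
    """Return {image_name: {value_name: data}} for each IFEO subkey."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            _, sep, image = line.partition(IFEO)
            image = image.strip().lower()
            current = keys.setdefault(image, {}) if sep and image else None
        elif current is not None and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:  # name, type, data
                current[parts[0].lower()] = parts[2].strip()
    return keys

def audit(text, allowed_dlls=()):
    """List (image, dlls, status) for every image with a non-allow-listed verifier DLL."""
    allowed = {d.lower() for d in allowed_dlls}
    findings = []
    for image, values in sorted(parse_reg_query(text).items()):
        dlls = [d for d in values.get("verifierdlls", "").split()
                if d.lower() not in allowed]
        if not dlls:
            continue
        try:
            flag = int(values.get("globalflag", "0"), 0)
        except ValueError:
            flag = 0
        status = "active" if flag & FLG_APPLICATION_VERIFIER else "registered-only"
        findings.append((image, dlls, status))
    return findings

if __name__ == "__main__":
    for image, dlls, status in audit(SAMPLE, allowed_dlls=("vrfcore.dll",)):
        print(f"{image}: verifier DLLs {dlls} ({status})")
```

Any entry on a security product's executable that the vendor or your own developers did not put there deserves investigation, whether or not the flag is currently set.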

To better understand what DoubleAgent can do, make sure to watch the videos below. They show how it can turn an antivirus app into ransomware that encrypts files until you pay up.

Taking control over Avira Antivirus:

YouTube video

Taking control over Comodo Antivirus:

YouTube video

Taking control over Norton Antivirus:

YouTube video

So, guys, please beware of such malware and follow your antivirus provider's instructions. If you have any queries, please let us know in the comments section below.
