A new proof-of-concept exploit known as DoubleAgent can not only hijack third-party Windows antivirus software but also use that software to deliver further attacks. While there’s no evidence that the exploit has made its way into the wild yet, most antivirus programs are still completely susceptible to it. Gavin Millard, EMEA Technical Director at Tenable Network Security, commented below.
Gavin Millard, EMEA Technical Director at Tenable Network Security:
“Whilst the research and results of DoubleAgent are interesting, it should be noted that administrator privileges would most likely be required to successfully hijack the target executables. If an attacker has admin privileges on an endpoint, this could become a sneaky method of hiding code and gaining persistence, but it’s doubtful this will become a major attack vector for malware and ransomware.
“The approach of least privilege, using the operating system with a standard user account rather than administrator and restricting local admin access, should mitigate this or make it exceedingly difficult to successfully exploit.”