Weil hier im Forum immer wieder davor gewarnt wird, dass diverse Antivirus-Programme auf Kernel-Niveau laufen und im Falle eines Angriffs das System nicht sicher ist. Das ist jetzt bei K7 passiert, wohl nur in Japan - "vorerst" würde ich sagen.
Cybercriminals hijacked well known AV software - WinCert
Well-known Chinese threat actors have been discovered abusing a flaw in a known antivirus application to deliver malware to selected targets in Japan.…
www.wincert.net
Cicada malware has been distributed with a method known as DLL sideloading where the victim first has to download a fake K7Security Suite. Interestingly the installation executable itself isn’t malicious, but the folder with installation will usually carry malicious K7SysMn1.dll files.
Und kürzlich auch wieder eine Meldung zu MSI Afterburner
BlackByte Ransomware Bypasses EDR Products via RTCore64.sys Abuse
In this blog, Picus explains how BlackByte bypasses EDRs via RTCore64.sys exploit in their new ransomware.
www.picussecurity.com
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability
news.sophos.com
Die Sicherheitslücke ist seit 2019 offen: