Security Software Could Become the Next Big Malware Target

Over the last several years, malware has been evolving. From the 'simple' viruses of just a decade ago to the complex banking Trojan botnets of today, sometimes capable of stealing millions of dollars while evading modern detection methods, malware has become a constantly changing threat. Security researchers scramble to react to new threats while malicious actors work on ways to circumvent the latest security measures. This game never ends, and new ways to infiltrate Windows systems appear all the time.

Sometimes hackers fall back on old techniques, such as malicious macros embedded in Microsoft Office documents (macros are a legitimate feature that the attacker abuses, not a software vulnerability). In other instances, hackers are forced to find entirely new methods of distribution and infection to get around improved system security and increased consumer awareness about the dangers of malware. Some of the most popular infection vectors right now are malvertising (distributing malware through legitimate advertising networks by embedding malicious code into digital ads) and spam campaigns that rely on malicious attachments, but the program or service a campaign targets changes all the time depending on the vulnerabilities available and the exact goal of the campaign. For instance, hackers have focused more attacks on Internet of Things (IoT) devices over the last several months. These gadgets (everything from automated thermostats to smart refrigerators) do not offer the same level of security as a PC, but can be harnessed for devastating attacks once compromised by rogue software.

Routers and other embedded devices have also become prime targets for hackers. Recently, another attack surface has been examined that could be even more dangerous. AV-TEST, an independent lab that specializes in testing security software for the Windows OS, found that many of the most popular anti-malware products on the market do not protect themselves with the standard exploit mitigations and code-signing that Windows has supported for years. Long-time readers of this blog know that one of the most effective ways to protect a PC from malware threats is to maintain an updated anti-malware program complete with current malware definitions. When functioning properly, this software is designed to stop malware from infiltrating a machine before it causes damage.

But what happens when that very security software is the target of a malware campaign? Malware has long tried to disable or kill security products once it is already running; what the AV-TEST findings point to is something worse: exploiting flaws in the security software itself to get in. In a lot of ways, it's surprising that this angle hasn't received more attention from attackers before now.

After all, antivirus software runs with the highest privileges on the system (kernel-mode drivers and SYSTEM-level services), has access to every file on the disk, constantly runs in the background, and is one of the few programs PC users tend to trust when something doesn't seem right. In other words, if hackers could successfully hijack security software installed on a PC, it would be extremely difficult to defend the machine from the nefarious actions undertaken by the cybercriminals after infection. According to the report released by AV-TEST, malware that specifically targets the security software installed on millions of Windows machines around the world could be the next big threat to PC users. In a test of 21 popular antivirus products, only three implemented all of the self-protection measures AV-TEST checked. Many of the others, including some products which have been recommended on this website, failed miserably and could leave your PC susceptible to attack by malicious actors targeting these weaknesses.


Two proven exploit-mitigation techniques, address space layout randomization (ASLR) and data execution prevention (DEP), have been built into Windows for roughly a decade (DEP arrived with Windows XP SP2 in 2004, ASLR with Windows Vista in 2007). DEP marks memory that holds data, such as the stack and heap, as non-executable, so code an attacker injects cannot simply be jumped to; ASLR loads a program's code and data at unpredictable addresses, so an exploit cannot rely on knowing where anything lives in memory. A program only gets the full benefit if its executables and DLLs are compiled to opt in to both. Unfortunately, out of the 21 products tested, only six security suites had fully implemented both of these techniques according to the AV-TEST report. Avira, ESET, Bullguard, Kaspersky, McAfee and Norton passed the test, while other popular products such as Bitdefender, Panda, AVG, and Trend Micro failed to apply these safeguards consistently across all of their files. Even if you currently use one of the six products that incorporate both ASLR and DEP, your PC could still be at risk. Of the six products mentioned above, only two (ESET and Norton) digitally sign all of their program files so that the origin and integrity of the code can be verified. Without digital signatures, an attacker who can tamper with a file on disk, or sit between the product and its update server, could substitute a malicious file without setting off any alarms. The update process (often performed multiple times per day in the background) is the most exposed point, and a signature only helps if the updater actually verifies it before loading the new file.
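A quick way to see whether a given executable or DLL opted in to these mitigations, and whether it carries an embedded Authenticode signature at all, is to read the flags straight out of its PE header. The following Python script is an added example written for this article; it is not AV-TEST's test harness or any vendor's code. It parses the header fields with the standard library and builds two small constructed PE images (not real product files) to exercise the checks. It reports whether the DYNAMIC_BASE (ASLR), NX_COMPAT (DEP) and HIGH_ENTROPY_VA (64-bit ASLR) flags are set, and whether the security data directory points at a signature blob.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040     # image may be relocated at load time: opts in to ASLR
NX_COMPAT = 0x0100        # image is DEP-compatible: data pages are non-executable
HIGH_ENTROPY_VA = 0x0020  # 64-bit image can use the full high-entropy ASLR range
SECURITY_DIRECTORY = 4    # data directory index of the embedded Authenticode blob


def check_pe_mitigations(data: bytes) -> dict:
    """Parse the PE headers of `data` and report ASLR/DEP opt-in and signature presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")

    coff = e_lfanew + 4                    # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                     # PE32 (32-bit image)
        pe32plus, num_dirs_off, dirs_off = False, 92, 96
    elif magic == 0x20B:                   # PE32+ (64-bit image)
        pe32plus, num_dirs_off, dirs_off = True, 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")

    # DllCharacteristics sits at offset 70 in both optional header variants.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]

    # The security directory holds the file offset and size of the Authenticode
    # blob; a zero entry means the file carries no embedded signature.
    signed = False
    num_dirs = struct.unpack_from("<I", data, opt + num_dirs_off)[0]
    if num_dirs > SECURITY_DIRECTORY:
        offset, size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * SECURITY_DIRECTORY)
        signed = offset != 0 and size != 0

    return {
        "pe32plus": pe32plus,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "high_entropy_aslr": pe32plus and bool(dll_chars & HIGH_ENTROPY_VA),
        "signed": signed,
    }


def build_test_pe(dll_chars: int, pe32plus: bool = True, signed: bool = False) -> bytes:
    """Construct a minimal, non-runnable PE header image to exercise the checker.

    This is constructed test data for the example, not a real product binary."""
    opt_size = 240 if pe32plus else 224   # optional header with all 16 data directories
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,   # Machine: x64 or i386
                       0, 0, 0, 0,                      # sections, timestamp, symbol table
                       opt_size,                        # SizeOfOptionalHeader
                       0x0002)                          # IMAGE_FILE_EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    num_dirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, num_dirs_off, 16)
    if signed:  # point the security directory at a fictitious signature blob
        struct.pack_into("<II", opt, dirs_off + 8 * SECURITY_DIRECTORY, 0x1000, 0x2000)
    return dos + b"PE\0\0" + coff + bytes(opt)


def report(name: str, data: bytes) -> str:
    """One-line verdict in the spirit of the AV-TEST check: all three or it is WEAK."""
    r = check_pe_mitigations(data)
    verdict = "OK" if r["aslr"] and r["dep"] and r["signed"] else "WEAK"
    return (f"{name}: ASLR={r['aslr']} DEP={r['dep']} "
            f"HighEntropyASLR={r['high_entropy_aslr']} signed={r['signed']} -> {verdict}")


if __name__ == "__main__":
    hardened = build_test_pe(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA, signed=True)
    legacy = build_test_pe(0, pe32plus=False)
    print(report("hardened.dll (constructed)", hardened))
    print(report("legacy.dll (constructed)", legacy))
    # To audit a real installation, pass each file's bytes instead, e.g.
    # print(report(path, open(path, "rb").read())) for every .exe/.dll in the product folder.
```

Two caveats when running this against a real product. A non-zero security directory only shows that a signature blob is attached; whether it is valid and chains to the vendor's certificate has to be checked with a verifier such as `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`, and files signed through a catalog will show as unsigned here. Likewise, on 64-bit Windows a 64-bit process gets DEP regardless of the NX_COMPAT flag, so the flag matters most for the 32-bit components that many suites still ship.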

Perhaps the worst part about this report is that AV-TEST did a similar test last year and notified the developers of all products tested of the results. The most recent test was a follow-up meant to determine whether or not the vulnerabilities found in the first test had been corrected. In some cases, security software developers have made changes to reduce malware vulnerabilities but many of the products tested have done nothing to protect end users from a malware strain that targets installed security software. The important thing to remember about any malware strain is that it needs to get installed on a PC in the first place. Properly updated security software is a good start but isn’t enough to protect against a threat specifically designed to evade detection. The best way to protect your PC from any malware strain (including those that target antivirus software) is to minimize system vulnerabilities by following these tips:  

  • Avoid opening unsolicited emails and attachments as these often contain malicious links or embedded code.
  • Disable or uninstall Web browser plugins that aren’t needed for daily operations. Popular targets include Java, Microsoft Silverlight, and Adobe Flash Player.
  • Disable macros in Microsoft Office applications (Word, Excel, PowerPoint) unless absolutely necessary, and never enable them just because a document asks you to.
  • Ensure automatic updates are enabled for the OS and all third-party applications.
  • Do not use P2P file sharing websites to download content.

Following these tips significantly reduces the possible vulnerabilities that could be exploited to install malware on a PC. Regardless of the security software used, preventing infection starts with smart and safe Web browsing. If a group of cybercriminals were to create malware capable of hijacking a legitimate security software product, the results could be devastating. Be vigilant and prevent malware from threatening your PC in the first place. If the AV-TEST report proves anything, it’s that antivirus software should come second to proactive malware avoidance.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has over five years of experience in this field. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about the technical aspects and behavior of various malicious applications.
