Kaspersky security tools hijacked to disable online protection systems

Estimated read time 2 min read



The infamous RansomHub ransomware group has been spotted abusing a legitimate Kaspersky tool to disable endpoint detection and response (EDR) tools and then deploy stage-two malware on infected systems without being seen.

Cybersecurity researchers Malwarebytes, who recently spotted the activity in the wild, noted once RansomHub compromises an endpoint and finds a way inside, it first needs to disable any EDR tools before deploying infostealers, or encryptors. In this scenario, the tool they used is called TDSSKiller – Kspersky’s specialized tool designed to detect and remove rootkits, particularly those from the TDSS family (also known as TDL4).



Source link

You May Also Like

More From Author

+ There are no comments

Add yours