
How anti-virus software can be turned from detecting to spying for the hackers

CyberWisdom Safe Harbor Commentary:

Today I came across this story from and that lays out a little-known fact, which is being revealed in the two articles.

The two articles verify that AV software, such as Kaspersky Lab’s, can be weaponized and turned into a spy. Here is why…

“In order for AV to work, it has to be plugged into the system to be able to basically see and control any operation the system can perform: memory allocation, disk read and write, communications, etc. … which means it is basically in operation midway through all transactions in the system, so it becomes a good candidate for takeover and compromise,” Jason Kent, chief technology officer at AsTech, told SecurityWeek by email.

In some cases, data leaving the machine as part of legitimate behavior can lead to accidental leaks. For example, security programs upload binaries to a cloud-based multiscanner, such as Google’s VirusTotal, to better assess whether a file is malicious. The security tool ends up leaking data if the analyzed file is accessible to multiple users of that service.

But what if your anti-virus software is intentionally turned into a tool that can monitor you? Is this possible without modifying the program itself? According to security researcher Patrick Wardle, this is possible.

To prove this, and using the “Antivirus Hacker’s Handbook” (Joxean Koret) as a basis for experimentation, he altered the virus signatures of Kaspersky Lab’s Internet Security for macOS, modifying one of the signatures to automatically detect confidential documents and mark them as collected. By modifying the signature rather than the antivirus engine, he did not change the main purpose of the security application.

“A malicious or willing insider within any anti-virus company, who could tactically deploy such a signature, would likely remain undetected. And of course, in a hypothetical scenario; any anti-virus company that is coerced to, or is willing to work with a larger entity (such as a government) would equally be able to stealthily leverage their product to detect and exfiltrate any files of interest,” Wardle concluded.


WASHINGTON — It has been a secret, long known to intelligence agencies but rarely to consumers, that security software can be a powerful spy tool.

Security software runs closest to the bare metal of a computer, with privileged access to nearly every programme, application, web browser, email and file. There is good reason for this: Security products are intended to evaluate everything that touches your machine in search of anything malicious, or even vaguely suspicious.

By downloading security software, consumers also run the risk that an untrustworthy anti-virus maker — or hacker or spy with a foothold in its systems — could abuse that deep access to track customers’ every digital movement.

“In the battle against malicious code, anti-virus products are a staple,” said Mr Patrick Wardle, chief research officer at Digita Security, a security company. “Ironically, though, these products share many characteristics with the advanced cyberespionage collection implants they seek to detect.”

Mr Wardle would know. A former hacker at the National Security Agency (NSA), Mr Wardle recently succeeded in subverting anti-virus software sold by Kaspersky Lab, turning it into a powerful search tool for classified documents. Mr Wardle’s curiosity was piqued by recent news that Russian spies had…


How Antivirus Software Can be the Perfect Spying Tool

An antivirus product could be spying on you without you having a clue. It might be intentional but legitimate behavior, yet (malicious) intent is the one step separating antivirus software from a cyber-espionage tool. A perfect one, experts argue.
