Windows Defender is supposed to protect you from threats like malware, but now hackers have found a way to use it to spread.
Windows Defender is exploited to distribute malware. (Source: depositphotos.com / monticello)
Hackers have found a way to use Windows Defender, Microsoft’s in-house antivirus program, for malicious purposes. A vulnerability in the MpCmdRun.exe command-line tool allows cybercriminals not only to infect your system with malware, but also to steal your data and blackmail you with ransomware.
The attackers proceed according to a classic pattern: First, they infect your Windows PC with the malware Cobalt Strike. This can be done using common methods such as phishing emails. As the security experts from SentinelOne report, the hackers can exploit a Log4Shell vulnerability with the malware. In this way, they can execute malicious code via Windows Defender and successfully install LockBit ransomware.
Cyber criminals use LockBit to encrypt your data and demand ransom for unlocking it. However, we advise you not to respond to the demands, because there is no guarantee that the blackmailers will keep their word. To protect yourself from such an attack, you should create regular backups. In addition, you should not only rely on the pre-installed Defender, but also install an additional antivirus program for your protection.
You might also be interested in this…
Don’t miss anything with the NETWORK-Newsletter
Every Friday: The most informative and entertaining summary from the world of technology!