• Редакција
  • Приватност
  • Услови за користење
  • Маркетинг
  • Контакт
Tech News, Magazine & Review WordPress Theme 2017
  • Насловна
    • Зошто ИТ-Безбедност.мк?
  • Хакерски Новости
    • Хакерски Напади
    • Сајбер Криминал
    • Ранливости
    • Малвери/Закани
  • Туторијали и Алатки
  • Кариера
  • Контакт
No Result
View All Result
  • Насловна
    • Зошто ИТ-Безбедност.мк?
  • Хакерски Новости
    • Хакерски Напади
    • Сајбер Криминал
    • Ранливости
    • Малвери/Закани
  • Туторијали и Алатки
  • Кариера
  • Контакт
No Result
View All Result
ИТ Безбедност
No Result
View All Result

Microsoft Defender can ironically be used to download malware

Филип Симеонов by Филип Симеонов
септември 3, 2020
Home Хакерски Новости
Share on FacebookShare on Twitter

A recent update to Windows 10’s Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.

Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries or LOLBINs.

In a recent Microsoft Defender update, the command-line MpCmdRun.exe tool has been updated to download malicious files from a remote location.

With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers.

Microsoft Defender can be used as a LOLBIN

Discovered by security researcher Mohammad Askar, a recent update to Microsoft Defender’s command-line tool now includes a new -DownloadFile command-line argument.

This directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using the following command:

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

In tests conducted by BleepingComputer.com, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.

MpCmdRun help
MpCmdRun help

As you can see below, BleepingComputer was able to download the resources.exe file, the WastedLocker Ransomware sample used in a recent Garmin attack.

Downloading ransomware with Microsoft Defender
Downloading ransomware with Microsoft Defender

The good news is that Microsoft Defender will detect malicious files downloaded with MpCmdRun.exe, but it is unknown if other AV software will allow this program to bypass their detections.

With this discovery, administrators and blue teamers now ave an additional Windows executable that they need to monitor so that it is not used against them.

Related Articles:

Malware can no longer disable Microsoft Defender via the Registry

Epic Fail: Emotet malware uses fake ‘Windows 10 Mobile’ attachments

New Intel microcode updates for Windows 10 fix CPU hardware bugs

Microsoft confirms why Windows Defender can’t be disabled via registry

Windows Subsystem for Linux is getting these useful new features

Филип Симеонов

Филип Симеонов

Next Post
iOS 13 certificate pinning bypass for Frida and Brida

iOS 13 certificate pinning bypass for Frida and Brida

Препорачани.

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

септември 3, 2020
Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

септември 3, 2020

Популарно.

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

септември 3, 2020
Global DDoS Extorters Demand Ransom from Firms

Global DDoS Extorters Demand Ransom from Firms

септември 3, 2020
Зошто ИТ-Безбедност.мк?

Russian citizen arrested in the United States on charges of organizing a cyber crime

септември 1, 2020
Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware

Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware

септември 3, 2020
Ризикот од користење на ZOOM апликацијата во банкарскиот сектор

Ризикот од користење на ZOOM апликацијата во банкарскиот сектор

септември 1, 2020
ИТ Безбедност

Специјализирано место во кое можеш да дознаеш за сите новости и информации поврзани со Сајбер Безбедност и хакирањето.

Следете не

  • Редакција
  • Приватност
  • Услови за користење
  • Маркетинг
  • Контакт

© 2020 ИТ-Безбедност. Сите права се задржани.

No Result
View All Result
  • Home

© 2020 ИТ-Безбедност. Сите права се задржани.