Connect with us

Tech

Kaspersky security tools hijacked to disable online protection systems

Published

on

oyeak7xZpCgbD69FFSjk7Y 1200 80

The infamous RansomHub ransomware group has been spotted abusing a legitimate Kaspersky tool to disable endpoint detection and response (EDR) tools and then deploy stage-two malware on infected systems without being seen.

Cybersecurity researchers Malwarebytes, who recently spotted the activity in the wild, noted once RansomHub compromises an endpoint and finds a way inside, it first needs to disable any EDR tools before deploying infostealers, or encryptors. In this scenario, the tool they used is called TDSSKiller – Kspersky’s specialized tool designed to detect and remove rootkits, particularly those from the TDSS family (also known as TDL4).


Continue Reading
Advertisement

Trending