Tech & Gadgets

Kaspersky security tools hijacked to disable online security systems

Infamous ransomware group RansomHub has been caught abusing a legitimate Kaspersky tool to disable Endpoint Detection and Response (EDR) tools and then install stage two malware on infected systems without detection.

Cybersecurity researchers Malwarebytes, who recently spotted the activity in the wild, noted that once RansomHub compromises an endpoint and finds a way to get in, it must first disable any EDR tools before deploying infostealers or encryptors. In this scenario, the tool they used is called TDSSKiller – Kspersky’s specialized tool designed to detect and remove rootkits, specifically those from the TDSS family (also known as TDL4).

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button