The malware, disguised as Kill-floor.exe, installs a vulnerable Avast driver (aswArPot.sys) and uses it to terminate security software from more than 140 vendors, including Microsoft Defender, McAfee, Sophos, and SentinelOne. Because the driver runs at the kernel level, it lets attackers bypass protection and perform malicious actions without being detected.
The attack relies on the DeviceIoControl API to pass commands to the driver, effectively disabling antivirus and security software.
Experts say regular updates and “proactive enforcement of security policies” remain important for protecting against BYOVD attacks.
Source: Ferra
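
A defender-side illustration of the driver installation described above, added here and not part of the original article: a Python triage pass over Sysmon driver-load (Event ID 6) and service-install (Event ID 7045) records that flags aswArPot.sys, or a renamed copy carrying the same signer, outside its expected directories. The trusted directories, the signer string and the sample events are assumptions constructed for the example.

```python
import ntpath

# Assumptions for this example (not from the article): the trusted driver
# directories and the signer string. Adjust both to the local environment.
WATCHED_STEMS = {"aswarpot"}
WATCHED_SIGNER = "avast software"
TRUSTED_DIRS = (r"c:\windows\system32\drivers", r"c:\program files\avast software")

def stem(name):
    """Lower-cased file or service name without a .sys extension."""
    name = ntpath.basename(name).lower()
    return name[:-4] if name.endswith(".sys") else name

def triage(event):
    """Return a reason string when a driver event looks like BYOVD staging."""
    if event.get("EventID") == 6:                      # Sysmon: driver loaded
        path = event.get("ImageLoaded", "")
    elif event.get("EventID") == 7045 and event.get("ServiceType") == "kernel mode driver":
        path = event.get("ImagePath", "")              # System log: service installed
    else:
        return None
    if path.startswith("\\??\\"):                      # NT object-path prefix
        path = path[4:]
    folder = ntpath.normpath(path).lower()
    if any(folder.startswith(d + "\\") for d in TRUSTED_DIRS):
        return None                                    # expected install location
    if stem(path) in WATCHED_STEMS:
        return "watched driver file outside trusted directory"
    if stem(event.get("ServiceName", "")) in WATCHED_STEMS:
        return "watched service name points at unexpected file"
    if WATCHED_SIGNER in event.get("Signature", "").lower():
        return "watched signer outside trusted directory (renamed copy?)"
    return None

def scan(events):
    return [(i, r) for i, e in enumerate(events) if (r := triage(e))]

# Constructed sample events; paths and names are illustrative only.
SAMPLE = [
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\aswArPot.sys",
     "Signature": "Avast Software s.r.o."},
    {"EventID": 6, "ImageLoaded": r"C:\Users\Public\aswArPot.sys",
     "Signature": "Avast Software s.r.o."},
    {"EventID": 6, "ImageLoaded": r"C:\ProgramData\example.bin",
     "Signature": "Avast Software s.r.o."},
    {"EventID": 7045, "ServiceName": "aswArPot", "ServiceType": "kernel mode driver",
     "ImagePath": r"\??\C:\Users\Public\example.bin"},
    {"EventID": 7045, "ServiceName": "Updater", "ServiceType": "user mode service",
     "ImagePath": r"C:\Users\Public\updater.exe"},
]
```

Matching on the file name alone misses a copy that was renamed before loading, which is why the service name and the signer are checked as well.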
