Hackers are using a legitimate Avast Anti-Rootkit driver to disguise their malware and turn off antivirus protection.
The malware belongs to the AV Killer family and uses an infection vector known as bring-your-own-vulnerable-driver (BYOVD).
The malware drops a vulnerable driver named 'ntfs.bin' into the default Windows user folder and registers it through a service named 'aswArPot.sys'.
The malware carries a hardcoded list of process names used by common security products and issues 'DeviceIoControl' requests to the driver to terminate those processes, disabling antivirus detection.
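A detection-side illustration of the behaviour described above, written for this page and not taken from the article or from any vendor tooling. It scans Windows System log "service installed" records (Event ID 7045, exported as dicts with the ServiceName, ImagePath and ServiceType fields) and flags kernel-driver services that load from a user profile directory, that point at a file without a .sys extension, or that reuse the 'aswArPot.sys' service name while loading from outside the normal driver directories. The sample events, the trusted-directory list and the file path under the user folder are constructed assumptions for the example.

```python
"""Hunt for BYOVD-style driver registrations in Windows 7045 service-install events.

Added example, not from the original article. Assumes events have already been
exported to dicts carrying the 7045 fields. Sample records below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Directories a legitimately installed kernel driver is expected to load from
# (assumed list for this example; extend per environment).
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

# Service names belonging to a known security-product driver. A service registered
# under one of these names but loading from somewhere unusual is suspicious.
# 'aswArPot.sys' is the Avast Anti-Rootkit driver service name named in the article.
KNOWN_DRIVER_SERVICE_NAMES = {"aswarpot.sys", "aswarpot"}

USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.I)


@dataclass
class Finding:
    service_name: str
    image_path: str
    reasons: list = field(default_factory=list)


def normalize_image_path(image_path: str) -> str:
    """Lower-case the path and expand the prefixes commonly seen in ImagePath values."""
    p = image_path.strip().strip('"')
    low = p.lower()
    if low.startswith("\\??\\"):
        p = p[4:]
    elif low.startswith("\\systemroot\\"):
        p = "C:\\Windows\\" + p[len("\\systemroot\\"):]
    elif low.startswith("system32\\"):
        p = "C:\\Windows\\" + p
    return p.lower()


def assess_service_install(event: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious kernel-driver service install, else None."""
    if "driver" not in event.get("ServiceType", "").lower():
        return None  # user-mode services are out of scope for this check
    name = event.get("ServiceName", "")
    path = normalize_image_path(event.get("ImagePath", ""))
    reasons = []
    if USER_PROFILE_RE.match(path):
        reasons.append("driver image loads from a user profile directory")
    if not path.endswith(".sys"):
        reasons.append("driver image does not have a .sys extension")
    if name.lower() in KNOWN_DRIVER_SERVICE_NAMES and not path.startswith(TRUSTED_DRIVER_DIRS):
        reasons.append("known security-product driver name loading from outside trusted driver directories")
    if not reasons:
        return None
    return Finding(name, path, reasons)


def scan(events) -> list:
    """Apply the check to every event and keep only the findings."""
    return [f for f in (assess_service_install(e) for e in events) if f]


# Constructed sample 7045 records: one mimicking the article's pattern, one benign
# driver install, one user-mode service that the check must ignore.
SAMPLE_EVENTS = [
    {"ServiceName": "aswArPot.sys",
     "ImagePath": "C:\\Users\\Default\\ntfs.bin",  # constructed path under the default user folder
     "ServiceType": "kernel mode driver", "StartType": "demand start"},
    {"ServiceName": "aswArPot",
     "ImagePath": "\\SystemRoot\\System32\\drivers\\aswArPot.sys",
     "ServiceType": "kernel mode driver", "StartType": "system start"},
    {"ServiceName": "Spooler",
     "ImagePath": "C:\\Windows\\System32\\spoolsv.exe",
     "ServiceType": "user mode service", "StartType": "auto start"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.service_name}: {finding.image_path}")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

The three conditions are deliberately independent so that a driver dropped with a .sys extension, or registered under a fresh service name, still trips at least one of them; in production the trusted-directory list should be tightened to what the endpoint baseline actually shows, and a hit should be correlated with the process that issued the service creation.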