Cyber security resarchers at CyberArk created an attack which they call Illusion Attack. In developing their own custom SMB server, they were able to trick Windows Defender into scanning a benign file and executing a malicious malware instead. The Illusion Attack begins with an attacker tricking the victim into executing an exploit that is hosted on the malicious SMB share. The attacker would serve different files into the Windows PE Loader and Windows Defender. Whenever Windows Defender would scan the file, it is given a benign file which would be read as clean, while the PE loader would load the malicious file.
Microsoft responded in saying that it isn’t believed to be a security issue, but may be a feature request in the future.
Article: https://threatpost.com/windows-defender-bypass-tricks-os-into-running-malicious-code/128179/
Leave a Reply
You must be logged in to post a comment.