Tweaked Antivirus Software Turned into a Cyber Spying Tool


Cybersecurity company Digita Security’s chief research officer Patrick Wardle succeeded in turning the antivirus software of another cybersecurity company, Kaspersky Lab, into a powerful tool that can be used for spying.

Recognizing that there is no silver bullet in cybersecurity and that the best solutions span different technologies, Digita Security, through its CRO, subverted the security software and turned it into a powerful spying tool.

Wardle said that his curiosity began when Russian spies used the antivirus products sold by Kaspersky to transmit classified documents, which may have been a critical part of Russia's intelligence gathering. He said that he did not want to get involved in the accusations. However, he began to ask, from a technical point of view, whether the antivirus software, if subverted or hacked, could create a signature that identifies classified information or documents.

The CRO said that an “antivirus could be the ultimate cyber espionage spying tool.” He claimed that it was not difficult to use the vulnerability of Windows software to manipulate Kaspersky's antivirus software, since officials normally classify documents with the acronyms SCI or TS, which stand for Sensitive Compartmented Information or Top Secret. He said a rule could be added to the antivirus software to mark documents that contain an SCI or TS marker.

He then edited a document on his PC that contained a children's book series, adding the SCI or TS marking. The tweaked antivirus software then quarantined or flagged the children's book series document.