Don’t be too confident, Hackers can now use antivirus software to shut down anti-virus software


Often times, we get so comfortable when we have an antivirus software in our system. However, a new research report says that we shouldn’t get “too” confident. According to a security company, Sophos, new ransomware can now invade Windows systems by attacking Gigabyte drivers. The ransomware will deploy a second driver to disable any running antivirus software.

The ransomware uses a security vulnerability found in Gigabyte drivers in 2018. Gigabyte has confirmed the existence of the bug. This bug allows malicious attackers to use this vulnerability to try to access the device and deploy it. If it’s successful, it will cripple any antivirus in the PC and other conventional security software.

Gizchina News of the week


Sophos said: “The second driver blocks the processes and files of security software. It bypasses tamper protection and enables ransomware to attack users’ computers without interruption…this is the first time we are observing this ransomware. The software uses a third-party driver co-signed by Microsoft to modify the kernel file to load its own unsigned malicious driver and remove the secure application from the kernel. “

A malicious driver can cripple antivirus software

This new ransomware is known as RobbinHood and its basically for blackmailing victims. The report shows that the victims had to pay to unlock the files. If the victim does not pay, the ransom amount will rise at a rate of $10,000 / day.

The executable file of the gigabyte gdrv.sys driver being used is called Steel.exe. This extracts a file named ROBNR.EXE in the Windows temporary folder. This, in turn, extracts two different drivers, one is Gigabyte (Vulnerable Driver), and another software for disabling antivirus software. Once the PC is under attack, Windows driver signing will be inactive to allow malicious drivers to start. Sophos believes that there is no way to help users prevent their PCs from attack. Users just have to continue to use security software to stop attacks.

Source/VIA :
Previous Samsung Galaxy S20 series European price list exposed
Next New Galaxy Watch details: stainless steel and bigger battery

4 Comments

  1. The General
    February 9, 2020

    The days of using PCs and Windows are gone. It’s long been overdue to Change course onto either MacOS, Linux or Unix.

    Windows is an insecure piece of software that is only popular because manufacturers are brain-washed into putting it on every new machine.

    People need to start using more secure systems

  2. Od1sseas
    February 9, 2020

    Don’t be dumb. Windows has much more viruses because it’s a way more famous operating system. Hackers will create viruses in order to infect as much as people as possible. Why would they create viruses on garbage MacOS and garbage Linux which only have 3% Market Share? Get your trash Linux OS and go talk shit elsewhere

  3. ChrisPydtank
    February 9, 2020

    What’s this Click Bait Title!?

    Fake driver used, so let’s tell the public it’s anti virus software shutting down anti virus software, coz that sounds more dramatic. Give me a break!

  4. ChrisPydtank
    February 9, 2020

    Dude, no system is safe. You don’t hear about attacks, bugs, etc on those systems because they are not worth the time and effort due to market share which in turns makes it not as a big story as Windows based machines, except maybe Linux coz many servers use that and they get attacked all the time and many times succeed.

    YOU have been brain washed into thinking MacOS and Linux is 100% safe.

    Google “OSX viruses/malware throughout history” and then look. You can change OSX to iOS, Android, Linux variants and you will certainly find lists.

    Don’t be ignorant and exclaim what you said.