YOUR ANTIVIRUS SOFTWARE might come with some annoyances. It might slow your computer down, or pop up so many alerts that you can’t tell when something is actually wrong. But researchers have discovered a more sinister downside: A well-intentioned debugging tool found in many versions of Microsoft Windows can be used maliciously to gain access to vulnerable antivirus programs, and weaponize them.
Discovered by researchers at the Israeli cybersecurity defense firm Cybellum, the so-called “DoubleAgent attack” takes advantage of the Microsoft Application Verifier, a tool used for strengthening security in third-party Windows applications, to inject customized code into programs. The approach could potentially manipulate any software target, but antivirus programs would be particularly appealing to an attacker since they have such extensive system privileges for scanning.