    New malware exploits trusted Windows drivers to get around security systems – here’s how to stay safe

    By Michael Comaous, September 2, 2025

    • Chinese threat group abused a vulnerable WatchDog Antimalware driver to disable antivirus and EDR tools
    • Attackers also leveraged a Zemana Anti-Malware driver (ZAM.exe) for broader compatibility across Windows
    • Researchers are urging IT teams to update blocklists, use YARA rules, and monitor for suspicious activity

    The Chinese threat group Silver Fox has been seen abusing a previously trusted Windows driver to disable antivirus protections and deploy malware on target devices.

    The latest driver to be abused in the long-running “Bring Your Own Vulnerable Driver” (BYOVD) technique belongs to WatchDog Antimalware, where it normally ships as part of the security product of the same name.

    The driver file is amsdk.sys, and version 1.0.600 is the vulnerable one. Security experts from Check Point Research (CPR), who found the issue, said this driver had not previously been listed as problematic, but was used in attacks against entities in East Asia.


    Evolving malware

    In the attacks, the threat actors used the driver to terminate antivirus and EDR tools, after which they deployed ValleyRAT.

    ValleyRAT is a backdoor used for cyber-espionage, arbitrary command execution, and data exfiltration.

    Furthermore, CPR said that Silver Fox used a separate driver, called ZAM.exe (from the Zemana anti-malware solution), to remain compatible across different systems, including Windows 7, Windows 10, and Windows 11.

    The researchers did not discuss how victims ended up with the malware in the first place, but it is safe to assume that phishing or social engineering was involved. The attackers used infrastructure located in China to host self-contained loader binaries that included anti-analysis features, persistence mechanisms, both of the above-mentioned drivers, a hardcoded list of security processes to terminate, and ValleyRAT.


    Check Point Research said that what started with WatchDog Antimalware quickly evolved to include additional versions and types of drivers, all aimed at evading detection.

    WatchDog released an update fixing the local privilege flaw; however, arbitrary process termination remains possible. IT teams should therefore monitor Microsoft’s driver blocklist, use YARA detection rules, and watch their network for suspicious traffic and other activity.
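    One way to turn the pattern described above into a detection: correlate a load of one of the named drivers with terminations of security-tool processes shortly afterwards on the same host. This is an added example, not code from the article or from Check Point Research; the driver names and the amsdk.sys version come from the article, while the process names, paths and log records are constructed.

```python
"""Flag a BYOVD-style sequence: a known-abusable driver load followed, on the
same host, by termination of several security-tool processes."""
from collections import defaultdict
from datetime import datetime, timedelta

# Drivers the article reports as abused; a set restricts the match to those
# file versions, None matches any version of that file name.
DRIVER_WATCHLIST = {"amsdk.sys": {"1.0.600"}, "zam.exe": None}
# Constructed stand-ins for the AV/EDR process names a loader would terminate.
SECURITY_PROCESSES = {"msmpeng.exe", "edr_agent.exe", "av_service.exe"}

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_watchlisted_driver(image, version):
    versions = DRIVER_WATCHLIST.get(_basename(image), False)
    if versions is False:
        return False
    return versions is None or version in versions

def detect_byovd(events, window_s=300, min_kills=2):
    """One finding per watchlisted driver load followed within window_s seconds
    by at least min_kills terminations of processes in SECURITY_PROCESSES."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    findings = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])  # telemetry may arrive out of order
        for i, ev in enumerate(evs):
            if ev["type"] != "driver_load" or not is_watchlisted_driver(ev["image"], ev.get("version")):
                continue
            deadline = datetime.fromisoformat(ev["ts"]) + timedelta(seconds=window_s)
            killed = [k["image"] for k in evs[i + 1:]
                      if k["type"] == "process_terminate"
                      and datetime.fromisoformat(k["ts"]) <= deadline
                      and _basename(k["image"]) in SECURITY_PROCESSES]
            if len(killed) >= min_kills:
                findings.append({"host": host, "driver": ev["image"],
                                 "version": ev.get("version"), "killed": killed})
    return findings

# Constructed telemetry: ws-01 shows the abuse pattern (deliberately out of order);
# ws-02 loads the same driver as part of a normal install and terminates nothing.
SAMPLE_EVENTS = [
    {"ts": "2025-09-01T10:00:05", "host": "ws-01", "type": "process_terminate", "image": "C:\\ProgramData\\Microsoft\\Windows Defender\\MsMpEng.exe"},
    {"ts": "2025-09-01T10:00:00", "host": "ws-01", "type": "driver_load", "image": "C:\\Windows\\Temp\\amsdk.sys", "version": "1.0.600"},
    {"ts": "2025-09-01T10:00:09", "host": "ws-01", "type": "process_terminate", "image": "C:\\EDR\\edr_agent.exe"},
    {"ts": "2025-09-01T10:00:11", "host": "ws-01", "type": "process_terminate", "image": "C:\\Windows\\System32\\notepad.exe"},
    {"ts": "2025-09-01T11:30:00", "host": "ws-02", "type": "driver_load", "image": "C:\\Program Files\\WatchDog\\amsdk.sys", "version": "1.0.600"},
]
```

    Because the patched WatchDog driver still allows process termination, a deployment may prefer `"amsdk.sys": None` so that any version of the file is correlated with terminations rather than only 1.0.600.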

    Via Infosecurity Magazine
