    New malware exploits trusted Windows drivers to get around security systems – here’s how to stay safe

By Michael Comaous, September 2, 2025

    • Chinese threat group abused a vulnerable WatchDog Antimalware driver to disable antivirus and EDR tools
    • Attackers also leveraged a Zemana Anti-Malware driver (ZAM.exe) for broader compatibility across Windows
    • Researchers are urging IT teams to update blocklists, use YARA rules, and monitor for suspicious activity

The Chinese threat group Silver Fox has been observed abusing a legitimately signed, previously trusted Windows driver to disable antivirus protections and deploy malware on target devices.

The latest driver to be abused in the well-established "Bring Your Own Vulnerable Driver" (BYOVD) technique belongs to WatchDog Antimalware and normally ships as part of the security product of the same name. In a BYOVD attack the adversary installs a driver that Windows accepts because its signature is valid, then uses a flaw in that driver to act with kernel privileges, for example to kill security processes that an ordinary user-mode program cannot touch.

The driver file is amsdk.sys, and version 1.0.600 is the vulnerable one. Researchers at Check Point Research (CPR), who identified the abuse, said the driver had not previously been listed as problematic, so existing driver blocklists offered no protection against it, and that it was used in attacks against entities in East Asia.


    Evolving malware

In the attacks, the threat actors used the driver to terminate antivirus and EDR tools, after which they deployed ValleyRAT.

This malware acts as a backdoor used for cyber-espionage, arbitrary command execution and data exfiltration.

CPR also said that Silver Fox used a second driver, which it refers to as ZAM.exe (from the Zemana anti-malware product), to stay compatible across different Windows versions, including Windows 7, Windows 10 and Windows 11.

The researchers did not describe how victims were initially infected; phishing or social engineering is the most likely vector, but the report does not confirm it. The attackers used infrastructure hosted in China to serve self-contained loader binaries that bundled anti-analysis features, persistence mechanisms, both of the drivers mentioned above, a hardcoded list of security-product processes to terminate, and ValleyRAT.

Check Point Research said that what began with the WatchDog Antimalware driver quickly grew to include additional versions and types of drivers, all aimed at avoiding detection.

WatchDog released an update that fixes the local privilege-escalation flaw, but the updated driver can still be used to terminate arbitrary processes, so the capability that matters to an EDR killer remains. IT teams should therefore keep Microsoft's vulnerable driver blocklist (and any custom application-control blocklists) up to date, deploy YARA detection rules for the loaders and drivers, and monitor endpoints and networks for suspicious activity such as unexpected kernel driver loads and security processes being terminated.
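The following PowerShell hunt is an added example and is not code from the article, from Check Point Research or from WatchDog. It turns the recommendations above into a concrete host check: it lists kernel driver services whose image name matches the drivers named in the article, records version, signer and hash for comparison against a blocklist, searches Sysmon DriverLoad events for past loads of those names, and reports whether memory integrity (HVCI) is on, which is the condition under which Windows applies Microsoft's vulnerable driver blocklist. The filename amsdk.sys and version 1.0.600 come from the article; the `zam*` filename pattern (chosen to cover the Zemana driver the article calls ZAM.exe), the Sysmon event source and the HVCI check are assumptions about a typical Windows estate.

```powershell
# Added hunting example. Not code from the article, TechRadar, Check Point Research or WatchDog.
# From the article: driver filename amsdk.sys, vulnerable version 1.0.600, a second Zemana driver
# the article calls "ZAM.exe", and the advice to watch Microsoft's driver blocklist.
# Assumptions: the zam* filename pattern, Sysmon as the driver-load event source, the HVCI check.
# Run from an elevated PowerShell session (Windows PowerShell 5.1 or PowerShell 7).

$ExactNames   = @('amsdk.sys')                  # from the article
$NamePatterns = @('^zam.*\.(sys|exe)$')         # assumption: Zemana driver/file name variants
$BadVersionRx = '^1\.0\.600(\.\d+)?\s*$'        # from the article; tolerate a fourth component

function Test-SuspectName {
    param([string]$Path)
    $leaf = [IO.Path]::GetFileName($Path).ToLowerInvariant()
    if ($ExactNames -contains $leaf) { return $true }
    foreach ($p in $NamePatterns) { if ($leaf -match $p) { return $true } }
    return $false
}

function Get-DriverFacts {
    param([string]$Path)
    # Service image paths may carry an NT prefix (\??\C:\... or \SystemRoot\...); make them Win32 paths.
    $p = $Path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $p)) {
        return [pscustomobject]@{ Path = $p; Exists = $false }
    }
    $item = Get-Item -LiteralPath $p
    $sig  = Get-AuthenticodeSignature -LiteralPath $p
    $ver  = [string]$item.VersionInfo.FileVersion
    [pscustomobject]@{
        Path            = $p
        Exists          = $true
        FileVersion     = $ver
        KnownBadVersion = ($ver -match $BadVersionRx)
        # A valid signature is expected: BYOVD relies on the driver being legitimately signed,
        # so "Valid" is not a clean bill of health. Keep signer and hash for blocklist comparison.
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    }
}

# 1. Drivers registered as kernel services on this host (loaded or not).
Write-Host '== Kernel driver services whose image name matches the suspect list =='
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and (Test-SuspectName $_.PathName) } |
    ForEach-Object {
        $facts = Get-DriverFacts $_.PathName
        $facts | Add-Member -NotePropertyName Service -NotePropertyValue $_.Name -PassThru |
                 Add-Member -NotePropertyName State   -NotePropertyValue $_.State -PassThru
    } | Format-List

# 2. Historical driver loads recorded by Sysmon (Event ID 6, DriverLoad), if Sysmon is installed.
Write-Host '== Sysmon DriverLoad events for the suspect names =='
$filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if (Test-SuspectName $data['ImageLoaded']) {
        [pscustomobject]@{
            Time            = $_.TimeCreated
            ImageLoaded     = $data['ImageLoaded']
            Hashes          = $data['Hashes']
            Signature       = $data['Signature']
            SignatureStatus = $data['SignatureStatus']
        }
    }
} | Format-Table -AutoSize

# 3. Is Microsoft's vulnerable driver blocklist likely in force? Windows applies it when memory
#    integrity (HVCI) is on; otherwise a custom WDAC policy has to carry the block rules itself.
Write-Host '== Code-integrity state =='
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    [pscustomobject]@{
        HvciRunning          = ($dg.SecurityServicesRunning -contains 2)   # 2 = HVCI
        KernelCIPolicyStatus = $dg.CodeIntegrityPolicyEnforcementStatus    # 0 off, 1 audit, 2 enforced
    } | Format-List
} else {
    Write-Host 'Win32_DeviceGuard not available; check the application-control policy manually.'
}
```

Treat a filename hit as a lead, not a verdict: the article notes the actors moved on to further driver versions and types, so a match on version 1.0.600 or on the name alone will miss variants, while the SHA256 and signer fields let you compare against Microsoft's blocklist and your own denylist. The HVCI result tells you whether the Microsoft blocklist is doing anything on that host at all; if it is off and no custom WDAC policy is enforced, a signed vulnerable driver will load without complaint.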

    Via Infosecurity Magazine
