Double Agent will turns Antivirus into Malware in All Versions of Windows

Cybellum researchers say the problem can affects all processes, won’t go away anytime soon

A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives.

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.

Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10.

Based on a 15-year-old feature Application Verifier (which is a tool included in all versions of Microsoft Windows and is used as a runtime verification tool in order to discover and fix bugs in applications) in Windows from XP through Windows 10, the attack is effective against all 14 antivirus products tested by security vendor Cybellum – and would also be effective against pretty much every other process running on the machines.

Double Agent was discovered by Cybellum researchers and has not been seen in the wild.

Microsoft Application Verifier Exploit

The vulnerability resides in how this Application Verifier tool handles DLLs. According to the researchers, as part of the process, DLLs are bound to the target processes in a Windows Registry entry, but attackers can replace the real DLL with a malicious one.

Simply by creating a Windows Registry key with the name same as application he wants to hijack, an attacker can provide his own custom verifier DLL he would like to inject into a legitimate process of any application.

Once the custom DLL has been injected, the attacker can take full control of the system and perform malicious actions, such as installing backdoors and persistent malware, hijacking the permissions of any existing trusted process, or hijacking other users’ sessions even after reboots/updates/reinstalls/patches/etc.,” Cybellum says. In other words, the DLL persists.

How Does DoubleAgent Work?

“You’re installing antivirus to protect you, but actually you’re opening a new attack vector into your computer,” says Slava Bronfman, the CEO of Cybellum. “Hackers usually try to run away from AntiVirus and hide from it, but now instead of running away they can directly attack the AntiVirus. And once they control it they don’t even need to uninstall it, they can just quietly keep it running.”

As the attack unfolds, it allows malicious code to become persistent, since it entered through the legitimate Application Verifier tool. The researchers say that even measures like a system reboot won’t eliminate a DoubleAgent attack. And once hackers control the antivirus program they can manipulate it to execute all sorts of attacks, from passive surveillance to encrypting and ransoming off data, because of the inherent trust operating systems place in antivirus programs.

Impact of the DoubleAgent

Modify the Antivirus internal behavior : Changing the antivirus whitelists/blacklists, internal logic and even installing backdoors. The antivirus would still appear to work normally but would actually be completely useless, giving the attacker the ability to execute malware that would normally be blocked without any interference.

Abusing the Antivirus trusted nature : The antivirus is considered one of the most trusted entities in an organization. The attacker can use the antivirus to perform operations that would normally raise “red flags” like exfiltrating data, C&C communication, lateral movement, stealing and decrypting sensitive data, etc. All of these operations would seem legit because they are done by the antivirus.

Destroy the Machine : The antivirus has complete power over the machine, which can allow it to easily encrypt all your files or even format your hard drives.

Denial of Service : An antivirus software is responsible for signing software to act maliciously based on a set of heuristic rules. This means that the attacker can sign a totally legit and critical software such as browser applications, document viewers, or even some key components that are deep within the operating system. Once the signature has spread across the organization, it would then cause a total denial of services for the entire company. Once an antivirus decides a file is malicious, it would create a signature for it and share it globally around the world. Because the attacker controls the antivirus, he may sign totally legit and critical applications such as browsers, document viewers, or even some key components that are deep within the operating system. Once the new signature has spread across the organization, all the other instances of the antivirus would remove/delete the critical application causing total denial of services for the entire organization.

Vulnerable Anti viruses

The list of vendors that have been tested and found to be vulnerable to DoubleAgent.  The tests were done on the latest version of the vendor on Windows 10 x64 using our POC code.

  • Avast (CVE-2017-5567)
  • AVG (CVE-2017-5566)
  • Avira (CVE-2017-6417)
  • Bitdefender (CVE-2017-6186)
  • Trend Micro (CVE-2017-5565)
  • Comodo
  • ESET
  • F-Secure
  • Kaspersky
  • Malwarebytes
  • McAfee
  • Panda
  • Quick Heal
  • Norton

After hijacking the anti-virus software, attackers can also use the DoubleAgent attack to disable the security product, making it blind to malware and cyber attacks, using the security product as a proxy to launch attacks on the local computer or network, elevating the user privilege level of all malicious code, hiding malicious traffic or exfiltrate data, or damaging the OS or causing a denial of service.

UPDATE: Trend Micro issued this statement: “At this time, we have confirmed that Titanium is the only product affected by this vulnerability, and we do have a patch in the works to be published as an urgent security bulletin later this morning.”S

UPDATE: Kaspersky Lab issued this statement: “Kaspersky Lab would like to thank Cybellum Technologies LTD for discovering and reporting the vulnerability which made a DLL Hijacking attack possible via an undocumented feature of Microsoft Application Verifier. The detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from March 22, 2017.”

UPDATE: Comodo Vice President of Worldwide Engineering Egemen Tas wrote a post about this including: “No we are not vulnerable to this AppVerifier injection…For this attack to be successful, [the] malware author should be able to bypass [Comodo Internet Security] protection. CIS by-default allows only whitelisted applications to modify such critical keys. Non-whitelisted applications will be either blocked or sandboxed rendering the attack ineffective.”

UPDATE: Norton issued this statement: “After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted.”

UPDATE: Avast issued this statement: “We were alerted by Cybellum last year through our Bug Bounty program to a potential self-defense bypass exploit. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack and once that’s the case, there are numerous other ways to cause damage or modify the underlying operating system itself. Therefore, we rate the severity of this issue as “low” and Cybellum’s emphasis on the risk of this exploit to be overstated.”

UPDATE: Avira issued this statement: “The DoubleAgent zero-day exploit shows how Microsoft’s Application Verifier can be manipulated and theoretically used to inject malware into a compromised system. Application Verifier is used by app developers to identify and fix bugs in their software.

“Research by Avira has confirmed that the core Avira Antivirus Pro processes, those responsible for all detection and protection tasks, cannot be impacted by the DoubleAgent PoC. These processes are protected by a self-protection feature within the app which is not accessible via this PoC. There is limited ability to manipulate some lower-level processes which do not have high privileges or rights.


Microsoft has provided a new design concept for antivirus vendors called Protected Processes. The new concept is specially designed for antivirus services. Antivirus processes can be created as “Protected Processes” and the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks. This means that even if an attacker found a new Zero-Day technique for injecting code, it could not be used against the antivirus as its code is not signed. Currently no antivirus (except Windows Defender) has implemented this design. Even though Microsoft made this design available more than 3 years ago. It’s important to note, that even when the antivirus vendors would block the registration attempts, the code injection technique and the persistency technique would live forever since it’s legitimate part of the OS.

About Prasad 58 Articles
Prasad Paul is a Technical Writer, Security Blogger, Network Engineer and IT Analyst. He is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.