A new malicious campaign has been uncovered in which attackers use a cunning evasion technique: they deploy the legitimate Avast Anti-Rootkit driver (aswArPot.sys) to bypass detection mechanisms. The strategy exploits the driver’s kernel-mode privileges, abusing its trusted status to execute malicious actions. Once deployed, the driver becomes a tool for disabling protective processes, effectively neutralizing system defenses and compromising infected machines.
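Because the driver itself is legitimate, defenders have to judge the context in which it loads rather than the file alone. The sketch below is an added example, not part of the original advisory: it triages driver-load telemetry for aswArPot.sys, and the event shape (modelled on Sysmon Event ID 6), host names, expected directory and install inventory are all assumptions made for illustration.

```python
# Added example: triage of driver-load telemetry for the Avast Anti-Rootkit driver.
from ntpath import basename, dirname, normcase

DRIVER_NAME = "aswarpot.sys"
# Assumption: where a genuine Avast install is expected to keep its drivers.
EXPECTED_DIRS = {normcase(r"C:\Windows\System32\drivers")}
# Assumption: hosts where the software inventory records an Avast install.
AVAST_HOSTS = {"WS-0012"}

# Constructed sample events, shaped like Sysmon Event ID 6 (driver loaded).
EVENTS = [
    {"host": "WS-0012", "ImageLoaded": r"C:\Windows\System32\drivers\aswArPot.sys"},
    {"host": "WS-0031", "ImageLoaded": r"C:\Windows\System32\drivers\aswArPot.sys"},
    {"host": "WS-0012", "ImageLoaded": r"C:\Users\Public\aswArPot.sys"},
    {"host": "WS-0031", "ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys"},
]

def triage(event):
    """Return the reasons a driver load looks suspicious (empty list if none)."""
    path = event["ImageLoaded"]
    if basename(path).lower() != DRIVER_NAME:
        return []  # not the driver this advisory is about
    reasons = []
    if normcase(dirname(path)) not in EXPECTED_DIRS:
        reasons.append("loaded from unexpected directory")
    if event["host"] not in AVAST_HOSTS:
        reasons.append("host has no Avast install on record")
    return reasons

def suspicious_loads(events):
    """Return (host, path, reasons) for every load that triage() flags."""
    return [(e["host"], e["ImageLoaded"], r) for e in events if (r := triage(e))]

if __name__ == "__main__":
    for host, path, reasons in suspicious_loads(EVENTS):
        print(f"{host}: {path} -> {'; '.join(reasons)}")
```

Matching on the file name alone misses a renamed copy of the driver, so in practice this check is paired with hash or signer matching taken from a vetted indicator source.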