When Trust Turns Toxic: Exploiting Avast Drivers in BYOVD Attacks

Amber | Attack Report

A new malicious campaign has been uncovered in which attackers deploy the legitimate Avast Anti-Rootkit driver (aswArPot.sys) as an evasion technique to bypass detection mechanisms, the pattern known as Bring Your Own Vulnerable Driver (BYOVD). Because the driver is trusted, it loads with kernel-mode privileges, which the attackers abuse to carry out malicious actions. Once loaded, the driver becomes a tool for terminating protective processes, effectively neutralizing system defenses on infected machines.
