14 Security Solutions Vulnerable to Double Agent Malware

Double Agent Malware Infects Security Solutions

A malware attack dubbed Double Agent has been discovered by the security vendor Cybellum.  Although the attack has been discovered, it reportedly has not yet been witnessed in the wild.

Double Agent effectively uses a 15-year-old vulnerability within the Windows operating system.  The security gap is associated with Microsoft Application Verifier, which can be found on all Windows PCs ranging from XP to Windows 10.  What is troubling is that, by gaining access to Microsoft Application Verifier, this malware variant has access to all of the legitimate programs on your PC.  Since Double Agent has access to this platform, it has been able to successfully alter 14 different anti-virus solutions by adding malware to their platforms.  The 14 impacted security solutions include:

  • AVG
  • Malwarebytes
  • Avast
  • Avira
  • Bitdefender
  • Trend Micro
  • Comodo
  • ESET
  • F-Secure
  • Kaspersky
  • McAfee
  • Panda
  • Quick Heal
  • Norton

All of the AV programs have had over 90 days to patch the vulnerability; however, out of these 14 programs that have been compromised, only four have been effectively patched.  According to Network World, those are AVG, Kaspersky, Trend Micro and Malwarebytes.

Although this malware variant could infiltrate various other programs that are verified by Microsoft, it does not.  It chooses security solutions because they are trusted by PC users and have access to the entire PC.  It’s essentially the golden key.
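For readers who want to check their own machines, here is an added example (not code from the original post, Cybellum or PC Matic) that audits the registry location Application Verifier reads its provider DLLs from.  It assumes the standard Application Verifier mechanism: a per-executable key under Image File Execution Options carrying a VerifierDlls value, with the FLG_APPLICATION_VERIFIER bit (0x100) set in GlobalFlag.  Run it from an elevated PowerShell prompt; on a PC that is not actively using Application Verifier, the expected result is no entries at all, so any hit, especially one pointing at a security product's executable, deserves a look.

```powershell
# Added example, not code from the original post: audit Image File Execution
# Options (IFEO) for Application Verifier provider DLL registrations.
# Assumption: the standard Application Verifier mechanism, in which a
# per-executable IFEO key carries a VerifierDlls value and GlobalFlag has the
# FLG_APPLICATION_VERIFIER bit (0x100) set.

$IfeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$FLG_APPLICATION_VERIFIER = 0x100

function Get-VerifierDllRegistration {
    # Lists every IFEO entry that names a verifier DLL or has the verifier bit set.
    foreach ($root in $IfeoPaths) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            $globalFlag = 0
            if ($null -ne $props.GlobalFlag) { $globalFlag = [int]$props.GlobalFlag }
            $verifierDlls = [string]$props.VerifierDlls
            $flagSet = ($globalFlag -band $FLG_APPLICATION_VERIFIER) -ne 0

            if ($flagSet -or $verifierDlls) {
                [pscustomobject]@{
                    Executable   = $_.PSChildName   # e.g. the name of an AV product's exe
                    RegistryKey  = $_.Name
                    VerifierFlag = $flagSet
                    VerifierDlls = $verifierDlls    # DLLs loaded into that process at start
                }
            }
        }
    }
}

function Remove-VerifierDllRegistration {
    # Clears a registration you have reviewed and confirmed is not wanted.
    # Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$RegistryKey
    )
    process {
        $path = 'Registry::' + $RegistryKey
        if ($PSCmdlet.ShouldProcess($RegistryKey, 'Remove VerifierDlls and clear verifier bit')) {
            Remove-ItemProperty -Path $path -Name 'VerifierDlls' -ErrorAction SilentlyContinue
            $flag = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).GlobalFlag
            if ($null -ne $flag) {
                $newFlag = ([int]$flag) -band (-bnot $FLG_APPLICATION_VERIFIER)
                if ($newFlag -eq 0) { Remove-ItemProperty -Path $path -Name 'GlobalFlag' }
                else { Set-ItemProperty -Path $path -Name 'GlobalFlag' -Value $newFlag }
            }
        }
    }
}

# Report. On a machine that is not running Application Verifier this prints nothing.
$hits = @(Get-VerifierDllRegistration)
if ($hits.Count -eq 0) {
    Write-Host 'No Application Verifier provider DLL registrations found.'
} else {
    $hits | Format-Table -AutoSize
    # Review each hit before removing it; preview with:
    # $hits | Remove-VerifierDllRegistration -WhatIf
}
```

The script only reads the registry unless you explicitly pipe a reviewed hit into Remove-VerifierDllRegistration, and even then -WhatIf shows what would change first.  Developers who use Application Verifier on purpose will see their own entries here, which is expected; what this check surfaces on an ordinary PC is a verifier DLL registered against a program that has no business loading one.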


8 thoughts on “14 Security Solutions Vulnerable to Double Agent Malware”

  1. I tried to install Avira in Vista Home Premium. But it always stops; the internet is not allowing something … fact.exe is not allowed by the firewall. I disabled the firewall also. Still I get the message. How do I overcome this problem during install?

  2. I have been using Avira free alongside Advanced System Care Pro for over 12 months. Avira started to tell me that ASC was a virus and started dismantling and uninstalling from my machine. It was showing me a malware name of TR/DECEPIOBIT/. GB or FR or other language. I investigated and found no reference to a virus of this name until today with removal instructions. I have uninstalled Avira and now run 360 Total Security free without any issues. Just wondering whether this perhaps coincided with the double agent time frame.

    • @Peter Oh: As an owner of a phone labelled as subject to infection, now my two questions. First, is Edge inoculated against infliction? It seems a natural conclusion given the spread of information provided. And the other question, at which I hope you do not take offense, is to what extent is PC-Matic under-girded by representatives of Edge/Microsoft?

  3. 1. What does “Double Agent” DO? Steal info or identities? Ransom disks? Sell lemonade?
    2. If it uses a hole in Windows Verifier, can’t it penetrate ALL anti-malware suites?
    3. Would a watchdog prog like AppGuard prevent Double Agent from accomplishing its mischief?

    • Double Agent injects itself into legitimate programs within the Verifier application. It can obtain personal information or even lock files and hold them ransom. Theoretically it could penetrate all anti-malware suites that are not using application whitelisting as their primary method of detection. We have confirmed with PC Matic’s malware research team that one way Double Agent was executing was with a .exe file. This would be scanned by PC Matic’s whitelist security and wouldn’t execute, because it is not a safe file. I hope this helps clarify your questions!

  4. I believe all, if not almost all, of the 14 AV programs now have settings that do not allow any changes to the AV software – as that was happening a couple of years ago when malware was immediately listing itself as safe – thus bypassing the AV. Would that not stop a change by Microsoft Application Verifier?
