Microsoft Defender antivirus can now download malware on Windows 10

0
738

Microsoft Defender antivirus can now download malware on Windows 10

After a recent update, Microsoft Defender antivirus built into Windows 10 can be used by hackers to remotely download malware and other files, according to online sources.

Windows 10
Windows 10

The source says that a recent Microsoft Defender update brought with it a new command-line argument called DownloadFile. This directive allows a local user to interact with the Microsoft Antimalware Service command-line utility (MpCmdRun.exe) to download a file from a remote location using the command MpCmdRun.exe –DownloadFile –URL [download resource address] –path [save directory].

According to reports, this feature was added in Microsoft Defender 4.18.2007.9 or 4.18.2009.9. The enthusiasts conducted several experiments, during which they managed to download the resources.exe file, which is the WastedLocker ransomware, which was used by cybercriminals in a recent attack on wearable electronics manufacturer Garmin using the command mentioned.

This problem was first discovered by information security researcher Mohammad Askar. Finding it means Microsoft Defender joins a long list of Windows operating system programs that can be used by cybercriminals to conduct cyber attacks. The good news is that Microsoft Defender itself detects malware downloaded using MpCmdRun.exe, but it’s unclear if third-party antivirus software is capable of preventing malware from downloading through this feature.

 

Also Read:  The flagship smartphone Microsoft Surface Duo has fallen in price by 450 dollars