09-04-2020 , 02:05 AM
https://www.bleepingcomputer.com/news/mi...d-malware/ Microsoft Defender can ironically be used to download malware
By Lawrence Abrams
September 2, 2020 08:33 PM A recent update to Windows 10's Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.
Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries or LOLBINs.
In a recent Microsoft Defender update, the command-line MpCmdRun.exe tool has been updated to include the ability to download files from a remote location, which could be abused by attackers.
With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers.
Microsoft Defender can be used as a LOLBIN
Discovered by security researcher Mohammad Askar, a recent update to Microsoft Defender's command-line tool now includes a new -DownloadFile command-line argument.
This directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using the following command:
MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
In tests conducted by BleepingComputer.com, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.
By Lawrence Abrams
September 2, 2020 08:33 PM A recent update to Windows 10's Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.
Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries or LOLBINs.
In a recent Microsoft Defender update, the command-line MpCmdRun.exe tool has been updated to include the ability to download files from a remote location, which could be abused by attackers.
With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers.
Microsoft Defender can be used as a LOLBIN
Discovered by security researcher Mohammad Askar, a recent update to Microsoft Defender's command-line tool now includes a new -DownloadFile command-line argument.
This directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using the following command:
MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
In tests conducted by BleepingComputer.com, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.