This devious new malware technique looks to hijack Windows itself to avoid detection




  • Security researchers from Akamai found UI Automation accessibility feature could be abused for malicious use
  • UI Automation must be allowed to do all the things malware usually does, which makes it difficult for antivirus programs to spot it
  • Admins can monitor the OS for suspicious activity

Cybersecurity researchers from Akamai have discovered a new way to get malware to run on Windows devices without triggering Endpoint Detection and Response (EDR) tools.

In a report published on the Akamai blog earlier this week, it was said that starting with Windows XP, the OS introduced a feature called UI Automation, as part of the .NET Framework. This feature is designed to provide programmatic access to user interface elements, enabling assistive technologies like screen readers to interact with applications and help users with disabilities. It also supports automated testing scenarios by allowing developers to manipulate and retrieve information from UI components programmatically.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *