Hackers Exploit Avast Anti-Rootkit Driver to Deploy 'Kill Floor' Windows Malware

A concerning cybersecurity threat has emerged as hackers exploit an old Avast Anti-Rootkit driver to deliver malicious software to Windows computers, according to recent findings by cybersecurity firm Trellix.

The malware, dubbed "Kill Floor," operates by deploying a kernel-level Avast driver to disable critical Windows security systems. Once installed, the malware executes multiple processes to gain control over the infected computer.

What makes this attack particularly dangerous is its use of a legitimate driver to gain elevated system permissions. Kernel-level software operates at the core of the operating system, giving it deep access to computer functions. When compromised, this access can pose serious risks to system security.

Users should watch for warning signs of infection, including:

  • Unexpected file downloads
  • Unusual system behavior
  • New processes running without explanation
  • Presence of "kill-floor.exe" file
  • Detection of "ntfs.bin" in specific Windows folders

To protect against this threat, users should:

  • Keep all software regularly updated
  • Download files only from trusted sources
  • Use active malware protection software
  • Enable real-time protection features

Technical users can implement specific Bring Your Own Vulnerable Driver (BYOVD) rules as an additional security measure.

While Trellix has not disclosed specific victim information or the malware's origin, this incident highlights the growing sophistication of cyber attacks that leverage legitimate software components for malicious purposes.