ANY.RUN Exposes Malicious Methods For Bypassing Windows 11 User Account Control


(MENAFN- EIN Presswire)

DUBAI, DUBAI, UNITED ARAB EMIRATES, May 21, 2024 /EINPresswire/ -- Cybersecurity experts at ANY.RUN have published new research on the top User Account Control (UAC) bypass methods employed by modern malware. The piece provides insight into the tactics malicious actors use to exploit Windows 11 systems and includes real-world examples from threats such as FormBook, LockBit, and BlankGrabber.

About User Account Control (UAC)
User Account Control (UAC) is a security feature in Windows operating systems that helps prevent unauthorized changes to the system. UAC prompts users for permission or credentials when an application or task requires administrative-level access, ensuring that users are aware of the potential risks before proceeding.

ANY.RUN covers the three primary methods used to bypass UAC in Windows 11:

Exploitation of COM Interfaces with the Auto-Elevate Property
Malware families such as FormBook and LockBit abuse Component Object Model (COM) interfaces that carry the auto-elevate property, gaining elevated privileges without triggering the UAC prompt. Examples of such COM objects include cmstplua and colorui.

Modification of the ms-settings Registry Branch
Malicious actors can manipulate the ms-settings registry branch to bypass UAC and execute unauthorized actions. BlankGrabber is one of the prominent examples of malware with this capability.
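As an added defender-side example (not ANY.RUN's code and not from the article), the Python check below flags the registry writes associated with an ms-settings handler hijack in constructed Sysmon Event ID 13 (RegistryEvent, value set) records. The key path and the DelegateExecute value are the ones commonly documented for this hijack; the event records, process names and file paths are constructed sample data, not real telemetry.

```python
import re
from typing import Dict, List, Optional

# Constructed Sysmon Event ID 13 records (value set). The second and third
# records mimic the hijack: a per-user ms-settings\shell\open\command key gets
# an attacker-chosen (Default) command and an emptied DelegateExecute value,
# so an auto-elevated Windows launcher runs that command without a UAC prompt.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Classes\ms-settings\shell\open\command\(Default)",
     "Details": r"C:\Users\alice\AppData\Local\Temp\payload.exe"},
    {"Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Classes\ms-settings\shell\open\command\DelegateExecute",
     "Details": "(Empty)"},
]

# A standard user can write the per-user Classes hive without elevation, so a
# write there to the ms-settings open handler is the suspicious shape.
# Matches HKU\<SID>\... (Sysmon form) and HKCU\... (reporting form).
MS_SETTINGS_HANDLER = re.compile(
    r"^HK(?:U\\[^\\]+|CU)\\Software\\Classes\\ms-settings\\shell\\open\\command"
    r"\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

def classify(event: Dict[str, str]) -> Optional[str]:
    """Return an alert reason for one registry event, or None if benign."""
    m = MS_SETTINGS_HANDLER.match(event["TargetObject"])
    if not m:
        return None
    value = m.group("value").lower()
    if value == "delegateexecute":
        return "ms-settings DelegateExecute set (UAC bypass staging)"
    if value == "(default)":
        return f"ms-settings open handler set to {event['Details']}"
    return "ms-settings open handler modified"

def find_ms_settings_hijacks(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Collect (writing process, reason) pairs for every suspicious event."""
    alerts = []
    for e in events:
        reason = classify(e)
        if reason:
            alerts.append({"image": e["Image"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_ms_settings_hijacks(SAMPLE_EVENTS):
        print(f"{alert['image']}: {alert['reason']}")
```

In a real pipeline the same check would run over live Sysmon or EDR registry telemetry, and the writing process (here the unsigned download) is the pivot for the rest of the investigation.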

Infinite UAC Prompt Loop
This technique bombards users with an endless loop of UAC prompts, relying on them to eventually click through and grant access. The experts at ANY.RUN have uncovered DCrat and PureMiner samples using this method.

Learn more about UAC bypass methods and discover real-world examples on ANY.RUN's blog.

About ANY.RUN

ANY.RUN is a provider of cybersecurity products. Its sandbox enables malware analysts to quickly and accurately analyze malicious files and links, gaining a complete view of advanced cyber attacks. The platform's threat intelligence services, including TI Lookup, Yara Search, and TI Feeds, present users with up-to-date data on the latest malware currently active across the globe. The company is currently celebrating its 8th birthday with special offers that include six months of free service and extra licenses for enterprises.

Veronika Trifonova
ANYRUN FZCO
+1 657-366-5050
