ANY.RUN Exposes Malicious Methods for Bypassing Windows 11 User Account Control
DUBAI, DUBAI, UNITED ARAB EMIRATES, May 21, 2024 /EINPresswire.com/ -- Cybersecurity experts at ANY.RUN have published new research on the top User Account Control (UAC) bypass methods employed by modern malware. The piece provides valuable insights into the tactics used by malicious actors to exploit Windows 11 systems and includes real-world examples from threats such as FormBook, LockBit, and BlankGrabber.
About User Account Control (UAC)
User Account Control (UAC) is a security feature in Windows operating systems that helps prevent unauthorized changes to the system. UAC prompts users for permission or credentials when an application or task requires administrative-level access, ensuring that users are aware of the potential risks before proceeding.
ANY.RUN covers the three primary methods used to bypass UAC in Windows 11:
Exploitation of COM Interfaces with the Auto-Elevate Property
Malware families such as FormBook and LockBit abuse Component Object Model (COM) interfaces that carry the auto-elevate property, obtaining elevated privileges without triggering a UAC prompt. Examples of such COM objects include cmstplua and colorui. Auto-elevation is only granted at UAC's default notification level; at the "Always notify" level every elevation request produces a prompt, which blocks this class of bypass.
Modification of the ms-settings Registry Branch
Malicious actors can plant a command in the ms-settings handler branch of the current user's registry hive, which needs no elevated rights to write, so that an auto-elevating Windows component launches the attacker's command with administrative privileges and no UAC prompt. BlankGrabber is one of the prominent examples of malware with this capability.
Infinite UAC Prompt Loop
This technique bombards the user with an endless loop of UAC prompts and relies on the user eventually approving one to make the prompts stop, at which point the malware runs elevated. The experts at ANY.RUN have uncovered DCrat and PureMiner samples using this method.
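The following PowerShell script is an added example for the first two methods above; it is not code from ANY.RUN or from the malware described. It audits a Windows host for the two conditions those bypasses depend on: a hijacked ms-settings handler in the current user's hive (the registry-branch method) and a UAC policy below "Always notify" (which the auto-elevating COM method requires to stay silent). The key path HKCU:\Software\Classes\ms-settings\shell\open\command and the policy values under HKLM:\...\Policies\System are the standard locations; the function names and the cleanup helper are this example's own.

```powershell
# Added example (not ANY.RUN's code): audit a host for the preconditions of
# the COM auto-elevate and ms-settings registry UAC bypasses.
# Run in an elevated PowerShell 5.1+ session so HKLM is readable.

# Handler key that the registry-branch bypass writes to. Under HKCU this
# branch is normally absent on a clean system, so any content is suspicious.
$script:MsSettingsKey = 'HKCU:\Software\Classes\ms-settings\shell\open\command'

function Test-MsSettingsHijack {
    # Returns an object describing whether the per-user ms-settings handler
    # has been populated, and with what.
    if (-not (Test-Path -Path $script:MsSettingsKey)) {
        return [pscustomobject]@{ Hijacked = $false; Command = $null; DelegateExecute = $null }
    }
    $item = Get-ItemProperty -Path $script:MsSettingsKey -ErrorAction SilentlyContinue
    $cmd  = $item.'(default)'          # the command the bypass wants executed
    $del  = $item.DelegateExecute      # usually created empty so (default) is honoured
    $hijacked = ($null -ne $cmd) -or ($null -ne $del)
    [pscustomobject]@{ Hijacked = $hijacked; Command = $cmd; DelegateExecute = $del }
}

function Get-UacPolicy {
    # Reads the effective UAC policy. ConsentPromptBehaviorAdmin = 2 together
    # with EnableLUA = 1 and PromptOnSecureDesktop = 1 is "Always notify":
    # auto-elevation is disabled, so auto-elevating COM objects such as
    # cmstplua/colorui and the ms-settings trick all produce a prompt.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = Get-ItemProperty -Path $path
    $always = ($v.EnableLUA -eq 1) -and
              ($v.ConsentPromptBehaviorAdmin -eq 2) -and
              ($v.PromptOnSecureDesktop -eq 1)
    [pscustomobject]@{
        EnableLUA                  = $v.EnableLUA
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $v.PromptOnSecureDesktop
        AlwaysNotify               = $always
    }
}

function Remove-MsSettingsHijack {
    # Cleanup helper (this example's own): Windows does not need a per-user
    # ms-settings branch, so the whole branch can be removed.
    $root = 'HKCU:\Software\Classes\ms-settings'
    if (Test-Path -Path $root) {
        Remove-Item -Path $root -Recurse -Force
    }
}

$hijack = Test-MsSettingsHijack
$policy = Get-UacPolicy
$hijack | Format-List
$policy | Format-List

if ($hijack.Hijacked) {
    Write-Warning "ms-settings handler is hijacked; command: $($hijack.Command)"
}
if (-not $policy.AlwaysNotify) {
    Write-Warning "UAC is below 'Always notify'; auto-elevating components can elevate without a prompt."
}
```

Call Remove-MsSettingsHijack only after capturing the hijacked command for the incident record, since the value itself tells you what payload the malware intended to run elevated.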
Learn more about UAC bypass methods and discover real-world examples on ANY.RUN’s blog.
About ANY.RUN
ANY.RUN is a provider of cybersecurity products. Its sandbox enables malware analysts to quickly and accurately analyze malicious files and links, gaining a complete view of advanced cyber attacks. The platform's threat intelligence services, including TI Lookup, Yara Search, and TI Feeds, present users with up-to-date data on the latest malware currently active across the globe. The company is currently celebrating its 8th birthday with special offers that include six months of free service and extra licenses for enterprises.
Veronika Trifonova
ANYRUN FZCO
+1 657-366-5050
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
