Summary: Researchers have identified a medium-severity vulnerability (CVE-2024-11859) in ESET’s antivirus software that state-backed hackers may exploit to execute malicious code undetected. ESET has released a fix and urged users to update their systems, while Kaspersky links the exploit to the hacker group ToddyCat, known for targeting military and governmental organizations. Although the flaw has been confirmed, there are no current reports of it being actively exploited in the wild.
Affected: ESET antivirus software
Keypoints:
- The vulnerability allows attackers to run malicious DLLs through the ESET antivirus scanner.
- ESET released a fix and reported the issue with a CVSS score of 6.8 out of 10.
- ToddyCat, the hacker group linked to the campaign, has a history of targeting government entities for data theft.
- The new tool used, TCDSB, is designed to avoid detection by security systems and can modify OS components.
- Research indicates that ToddyCat’s earlier operations may have been connected to Chinese espionage activity.
Source: https://therecord.media/eset-software-vulnerability-malware-toddycat-apt