Existing operating system files can be used for malicious purposes such as live-off-the-land or LOLBIN binaries.
Following a recent update Microsoft Defender, the MpCmdRun.exe command-line tool can be used to download malicious files from a remote location.
So Microsoft Defender is now part of the long list of Windows programs that can be used by hackers.
Microsoft Defender can be used as LOLBIN
Discovered by the security researcher Mohammad Askar. The recent Microsoft Defender command line tool update includes a new definition for the -DownloadFile command line.
Αυτή η λειτουργία επιτρέπει σε έναν τοπικό χρήστη να χρησιμοποιήσει το Microsoft Antimalware service Command Line Utility (MpCmdRun.exe) για τη λήψη ενός filey from a remote location by running the following command:
MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
In tests conducted by iguru.gr, this feature was added to Microsoft Defender in version 4.18.2007.9 or 4.18.2009.9.
The good news is that Microsoft Defender will detect malicious files that will be downloaded with MpCmdRun.exe.
With this discovery, administrators now have an additional executable program of Windows that they should monitor so that it is not used against them.