Why Free AV is not a wise choice when Protecting Your Data

Members of the hacking group “APT41” were charged by the U.S. Department of Justice for hacking more than 100 victims globally with one of its members running AV vendor Anvisoft.

We all naturally assume that our antivirus vendors are the good guys. But this news of members of APT41 being indicted, according to a news release from the U.S. DoJ, highlights that if you’re looking at using a vendor that is not one of the major established players, you might be playing with fire.

The attacks included “supply chain attacks” where legitimate software providers were compromised and their code modified to facilitate further intrusions against the software providers’ customers.

One of the members charged, Tan DaiLin, was the subject of a 2012 KrebsOnSecurity investigation about his ties to whitelisted AV vendor Anvisoft. Despite this being brought to light, DaiLin and his cohorts continued for 7 years until being initially charged in August of 2019 and then again in 2020.

The Department of Justice release makes no mention of specific involvement of the AV software, but given APT41’s use of supply chain attacks, it makes sense that they would put the same code into Anvisoft’s product to facilitate access to customer networks.

Scary stuff. Here are four take-aways:

  • Stick with known AV players and not a “free AV”. You may end up paying for it dearly if you do.
  • The same goes for point solutions from less-than-well-known vendors. APT41 compromised plenty of smaller software titles to gain access.
  • The bad guys are working tirelessly to gain access to and control over your network. Have a layered security strategy in place to detect abnormally behaving software on your endpoints.
  • As always, use new-school security awareness training to create a strong human firewall and stop users from downloading malicious apps.