Exploit uses antivirus quarantine to release malware

https://www.neowin.net/news/exploit-uses-antivirus-quarantine-to-release-malware

Several unnamed products have been tested for AVGater prior to the disclosure of the exploit. Kaspersky, Malwarebytes, ZoneAlarm, Trend Micro, Emsisoft, and Ikarus have all released patches, as of publishing.

Posted in the generals, we might get an answer: https://forum.avast.com/index.php?topic=210810.msg1430712#new

polonus

avast! actually encrypts Chest content. Meaning you can’t just move the malware from “quarantine” space into whatever spot you want and make it functional there. I could be wrong, but I’d say this “AVGater” only works if an AV just “isolates” the malware by moving it from its original location into a “quarantine” folder. Though I’m not really aware of any AV that would be doing this. Only Bitdefender Free, which just denies access to a file but leaves it where it is and gives an entry in the interface “Quarantine” virtually. The file is blocked, but isn’t really moved from its original location.