AutoIt used to evade AV

IBM researchers have discovered a new way hackers are trying to evade antivirus (AV) software detection: using AutoIt, a popular automation tool.

According to IBM X-Force research released last week, developers of malware targeting Brazilian banks are now using the AutoIt automation tool to push remote access trojan (RAT) malware.

The malware typically uses remote access with overlay screens for bank fraud operations in Brazil. 

By using AutoIt, an open source framework for scripting and automation of IT tasks, attackers can compile malicious code using legitimate AutoIt scripts. These scripts run as a valid AutoIt framework process, which can evade AV software detection on the network.
