Huntress Endpoint Security Caught in Cyber Attack Scandal

A company installing Huntress endpoint security to protect itself inadvertently gave the security firm access to its own malicious activities. The solution, designed to detect malware, instead revealed the attacker’s research into potential targets and use of AI tools for spreading malware.

When a host reported malware to Huntress, analysts discovered evidence of the attacker’s browser history, which showed research on cryptocurrency and automation solutions. Although the agent was removed after 84 minutes, Huntress retained valuable information about the malicious user.

The incident sparked controversy among security specialists, with some questioning the extent of monitoring by security services. Others argued that the attacker’s voluntary installation of the software and malicious intent justified the surveillance. The case highlights the complex dynamics between attackers and security firms, raising questions about privacy and trust.

Source: https://www.techzine.eu/news/security/134582/cybercriminal-installs-security-software-only-to-be-found-out-by-it