Unthinkable: Antivirus providers attacked by hackers
We depend on antivirus software for peace of mind while we browse the internet. These programs are able to identify malicious activity as it’s happening, thwarting would-be hackers and malware alike. So when news breaks that online defenders have fallen victim to hackers, it makes us question how secure our systems have been all along.
As it turns out, antivirus providers are no safer than you and me when it comes to cyberattacks. A recent breach by a dangerous hacking collective has targeted three of the most popular antivirus developers, and the data they stole is now for sale on the dark web!
If you’re concerned about the safety of your system following this breach, you absolutely should be! These hackers didn’t just break into these companies for cash and personal glory. They’re after the code that helps ordinary people like you keep your computer virus-free.
How did hackers break into antivirus companies?
According to a report published by Advanced Intelligence, a collective of Russian-based hackers calling themselves “Fxmsp” was responsible for breaching servers of three major antivirus providers. Using a combination of social engineering and brute-force techniques, the group was able to gain access, and immediately proceeded to steal valuable information like source code and databases.
Having access to antivirus source code would allow hackers to develop new viruses that could bypass existing filters, making them harder to catch and remove. Not to mention, if the source code goes public, that means the hacking community at large now has blueprints to the most common cybersecurity systems on the market.
The Fxmsp hackers are well-known for selling the spoils of their activity, and are currently charging thousands of dollars for access to the stolen data.
Am I affected by the Fxmsp hack?
According to the report, no user information was stolen in the breach. Instead, hackers opted to take information from the company itself — specifically in the realm of software development. This serves their ends by helping them develop more effective viruses, and gives their buyers and clients access to new tools for mayhem.
While the identities of the affected companies have not been publicly revealed, we reached out to McAfee, Bitdefender, and Avast for comment. Bitdefender, Avast, and Norton’s parent company Symantec responded and stated they were unaffected by the breach, so if you use any of these programs, you probably don’t need to change antivirus software.
If you’re using McAfee, or another popular service, it may be in your best interest to switch programs or double up on protection for the time being. With source code on the marketplace for hackers, your existing protection might not even be effective going forward.
Update: Symantec, Norton Antivirus’ parent company, responded to our inquiry with the following statement:
“Symantec is aware of recent claims that a number of US-based antivirus companies have been breached. We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned.”