Hackers have been exploiting a newly discovered flaw in the Triofox antivirus software to gain administrative control over infected systems and deploy remote access tools. The vulnerability, identified as CVE-2025-12480, was revealed by Mandiant, a cybersecurity firm that tracks and analyzes threats.
According to Mandiant, hackers are using the exploit to bypass security measures and gain access to systems running Triofox antivirus software. Once inside, they can install remote access tools (RATs) that allow them to remotely control infected systems, steal data, and conduct other malicious activities.
The Triofox flaw was discovered by researchers at a cybersecurity firm, who noted that it could be exploited using a combination of vectors, including executable files and malicious emails. Mandiant warns that this vulnerability is particularly concerning because it can be used to gain admin control over systems without requiring user interaction or privilege escalation.
Several major antivirus software vendors, including Bitdefender, Kaspersky, and Norton, have acknowledged the issue and released patches to fix the vulnerability. However, some users may not receive these updates in a timely manner, leaving them vulnerable to exploitation.
Mandiant advises users to ensure they are running the latest version of their antivirus software and to remain vigilant for suspicious activity on their systems. In addition, users can take steps to harden their systems by disabling unnecessary services and reducing privileges.
This incident highlights the ongoing threat landscape in cybersecurity, where vulnerabilities like the Triofox flaw demonstrate that even seemingly secure software can be exploited by malicious actors. As a result, users must stay informed about the latest security patches and updates to protect themselves against these types of threats.
“Hackers Exploit Triofox Flaw to Gain Admin Control and Deploy Remote Tools via Antivirus Feature”.