Hackers Leverage Triofox Vulnerability to Gain Admin Access via Antivirus Software

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

A recently disclosed vulnerability in the Triofox software, CVE-2025-12480, has been exploited by hackers to gain administrative control over systems and deploy remote access tools. The vulnerability, which was reported earlier this year, allows attackers to execute arbitrary code on affected machines, potentially leading to unauthorized access and data theft.

Mandiant, a cybersecurity firm that specializes in threat hunting and incident response, has revealed that hackers are using the Triofox vulnerability to infect systems via antivirus software. According to Mandiant, the attackers are exploiting a specific feature of the antivirus software that allows them to install remote access tools on infected machines.

The attack vector involves tricking users into installing an updated version of the antivirus software that contains the vulnerable Triofox component. Once the software is installed, the hackers can use it to gain administrative access to the system and deploy additional malware.

This vulnerability has significant implications for organizations that use Triofox software as part of their antivirus solutions. As Mandiant notes, the exploit allows attackers to maintain a persistent presence on infected systems, making it difficult to detect and remove malicious activity.

To mitigate this risk, organizations should consider upgrading to newer versions of the antivirus software or implementing additional security controls, such as intrusion detection and prevention systems. Individuals can also take steps to protect themselves by avoiding suspicious email attachments and updates, and keeping their operating systems and software up to date with the latest security patches.

The discovery of this vulnerability highlights the constantly evolving threat landscape. As new vulnerabilities are disclosed, it is essential for organizations and individuals to remain vigilant and take proactive steps to secure their systems and data.

In related news, several major antivirus software vendors have issued statements confirming that they are aware of the vulnerability and are working to release patches. However, some users have reported difficulty in obtaining updated versions of their software, highlighting the need for greater awareness and communication from security software providers about potential threats.
