A new technique called DoubleAgent allows an attacker to hijack security products and make them take malicious actions. The attack leverages Microsoft’s Application Verifier mechanism to load malicious code inside other applications. Cybellum researchers discovered that developers could load their own “verifier DLL”” instead of the one provided by the official Microsoft application Verifier. Even if antivirus software protects the registry keys of their processes
Source: