Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers' computers across the United States and automatically replaced it with UltraAV's antivirus solution.
This comes after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees in response to the U.S. government adding Kaspersky in June to the Entity List, a catalog of "foreign individuals, companies, and organizations deemed a national security concern."
On June 20, the Biden administration also announced a ban on sales and software updates for Kaspersky antivirus software in the United States starting September 29, 2024, over potential national security risks.
In July, Kaspersky told BleepingComputer that it would begin closing its business and lay off the staff on July 20 because of the sales and distribution ban.
In early September, Kaspersky also emailed customers, assuring them they would continue receiving "reliable cybersecurity protection" from UltraAV (owned by Pango Group) after Kaspersky stopped selling software and updates for U.S. customers.
However, those emails failed to inform users that Kaspersky's products would be abruptly deleted from their computers and replaced with UltraAV without warning.
UltraAV force-installed on Kaspersky users' PCs
According to many online customer reports, including BleepingComputer's forums, UltraAV's software was installed on their computers without any prior notification, with many concerned that their devices had been infected with malware.
"I woke up and saw this new antivirus system on my desktop and I tried opening kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which uninstalled kaspersky somehow," one user said.
To make things worse, while some users could uninstall UltraAV using the software’s uninstaller, those who tried removing it using uninstall apps saw it reinstalled after a reboot, causing further concerns about a potential malware infection.
Some also found UltraVPN installed, likely because they had a Kaspersky VPN subscription.
Not much is known about UltraAV beyond the fact that it is part of Pango Group, which controls multiple VPN brands (e.g., Hotspot Shield, UltraVPN, and Betternet) and Comparitech (a VPN software review website).
"If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device and you will be able to leverage all of the additional premium features," UltraAV says on its official website on a page dedicated to this forced transition from Kaspersky's software.
"On September 30th, 2024 Kaspersky will no longer be able to support or provide product updates to your service. This puts you at substantial risk for cybercrime."
"Software update" behind forced switch to UltraAV
A Kaspersky employee also shared an official statement on the company's official forums regarding the forced switch to UltraAV, saying that it "partnered with antivirus provider UltraAV to ensure continued protection for US-based customers that will no longer have access to Kaspersky's protections."
"Kaspersky has additionally partnered with UltraAV to make the transition to their product as seamless as possible, which is why on 9/19, U.S. Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," it added.
"This update ensured that users would not experience a gap in protection upon Kaspersky's exit from the market."
The company states that UltraAV has a similar feature set to its products and asked customers to review a FAQ page on UltraAV's website or contact its support team for more information.
Update September 25, 10:43 EDT: A Pango Group spokesperson told BleepingComputer after the article was published that Kaspersky "began communicating this transition to U.S. customers on September 5" and that "users with valid email addresses received direct communications and all users had access to transition notifications in-app, on MyKaspersky account pages, and via Kaspersky Labs' webpages."
Pango Group also shared a screenshot of an in-app Kaspersky pop-up notifying customers that their "Kaspersky service will soon be moving to UltraAV" and "UltraAV protection will be automatically activated" on the device as part of this transition.
It's unclear whether Kaspersky users who found UltraAV installed on their computers didn't see this notification or were confused because it didn't explain that Kaspersky would be uninstalled and replaced with UltraAV.
"Kaspersky and UltraAV are implementing the transition in waves to ensure a smooth process and to prevent any gap in protection as Kaspersky exits the market," a Kaspersky spokesperson also told BleepingComputer.
"The first group of U.S. Kaspersky antivirus customers received a software update facilitating the transition on 9/17, with additional waves planned for the coming days."
Comments
EndangeredPootisBird - 1 month ago
UltraAV is one of those copy and paste PUPs, like Protected.net's TotalAV, Scanguard and PCProtect, that use outsourced engines from Avira and Hotspot Shield.
NoneRain - 1 month ago
Damn. Imagine getting this crap instead of Kaspersky...
thatirish - 1 month ago
Is the Biden crew scrutinizing Chinese software as well, or is it just the old Cold War boogeyman, the Russians?
The Biden administration announced an initiative to ban Chinese-developed software from internet-connected cars (https://www.nytimes.com/2024/09/23/us/politics/chinese-software-ban-cars-biden.html) in the United States, justifying the move on national security grounds.
Tweeks-va - 1 month ago
From June headlines, "Biden administration bans Americans from using Russian-made cybersecurity software over national security concerns"
Is that really the job of the PTOUS?
In reality, Kaspersky has a reputation of top notch AV engine and signatures.. as well as outing scary dark-state things like NSA backdoors[1].. which may actually be good for US (and world) Citizen's Liberty.. but maybe not so great for the US government controls. Especially when the US DOJ/FBI and NSA simply can't impose gag orders on Russian organizations.. which actually makes some Russian apps with a proven history of good security (like Kaspersky Labs) MORE trustworthy for Americans, than some US based AV companies (e.g. Norton/Symantec, AVG, BitDefender, et al).
Hmmm... Maybe we should have an International agreement in place for major world powers keep each other's infosec services in check.. for the good of the people.. with some level of oversight from the likes of EFF/IETF/etc :)
[1] - https://www.reuters.com/technology/russias-fsb-says-us-nsa-penetrated-thousands-apple-phones-spy-plot-2023-06-01/
radonys - 1 month ago
AVG is Czech, Bitdefender is Romanian, so yeah, "US based companies" sure thing :))
Wannabetech1 - 1 month ago
I presume you mean "POTUS" and of course it's not, but the POTUS has long had more power than they should.
JohnC_21 - 1 month ago
What's interesting is none of the other countries in the Five Eye alliance has banned Kaspersky for consumer use.
jmwoods - 1 month ago
It was originally announced on June 20th that the Kaspersky ban would take effect on September 29th.
Little early for them to jump in and substitute anything else.
That said, folks should have started replacement planning on June 21st.
"Hello...McFly...Anybody Home?"
wpontius - 1 month ago
My opinion, this Kaspersky ban is just paranoia based on rumor and hearsay. I would like to see evidence of spying through Kaspersky software, bet there is none. Our Government has some nerve accusing Kaspersky of spying through their AV software, when the NSA hacked all the AV software they could to spy on people after 9/11. The NSA couldn't hack Kaspersky to use for spying, never heard if they ever managed to.
electrolite - 1 month ago
Given that Kaspersky found the backdoor on the IPhone silicon, it just shows how much the US government does not like being caught with their pants down.
PregnantPickle - 1 month ago
Morning comrades, burning the midnight oil in Olgino too eh?
H8edMods - 1 month ago
@nonerain is a person that's with the team that's hacking and robbing millions of people through game systems parties and malware infected pics, videos, and links that you read about in basically every one of these articles. That means the others are in here too. Most likely the other people commenting. I know the names of them.
NoneRain - 1 month ago
Yes, I'm in this exact moment robbing billions through my BC profile pic. Please don't tell anyone, it's our secret.
deltasierra - 1 month ago
Isn't anybody concerned that Kaspersky basically has a built-in backdoor? It would be one thing that they could delete their own software, but to install another arbitrary app -- especially with warning or approval from users -- is terrible customer service. If they think they were doing anyone a favor, they weren't.
I also say this not to point fingers and say "see, RUSSIA!!!" but rather how many other software vendors have this capability? The Crowdstrike Channel File 291 incident also illustrated this lack of software change consent and therefore lack of true sovereignty over our own computer systems. Microsoft is right up there too as they have a lot of little levers that they can pull behind the scenes, such as changes related to the Start Menu and taskbar.
I guess this is just the everything-as-a-service and everything-subscription world that we live in now, but there still needs to be pushback.
JustinFlynn - 1 month ago
"Isn't anybody concerned that Kaspersky basically has a built-in backdoor? It would be one thing that they could delete their own software, but to install another arbitrary app -- especially with warning or approval from users -- is terrible customer service. If they think they were doing anyone a favor, they weren't."
Everybody jumped onto the politics of the article but seem to be missing this point. They installed a new software without the end users' approval. What is stopping them from doing something malicious? What other programs do we have installed that can do the same thing?
Sketchy AF IMO.
NoneRain - 1 month ago
AVs have kernel level rights, they can do anything in your computer, otherwise, they wouldn't be able to take over malware.
Anyway, I don't think Kaspersky cared much about user approval after being banned.
deltasierra - 1 month ago
Yes, of course, but that doesn't mean direct remote access should be available to the software provider.
No, I'm sure they don't care, lol. I'd be peeved off too if I were them.
ken_smon - 1 month ago
Every piece of AV software I have seen is able to update itself. It would not work very well otherwise. I know that the current AV software at my workplace updates the agent by uninstalling the old agent and installing the new one.
I suspect this means that it can install almost anything.
Whatever AV product you have it can likely do the same.
electrolite - 1 month ago
From a business perspective, what Kaspersky did was smart. They got shafted by the US government, so they resigned to sell their user base to another vendor and at least get some compensation out of the whole kerfuffle. Prior to this, it was in Kaspersky's interest to maintain good protection for their customers and not pull any shenanigans. But with the current circumstances, they are not really looking for repeat customers in this particular market.
MorbiusCat - 1 month ago
Well, seems this only happened on Consumer Level platforms.
The Kaspersky Cloud based management systems don't seem to have been affected by this change, I guess they decided mucking with corporate folks was over the line?
vitaotek - 1 month ago
Hello everyone. I heard about this story and decided to test this antivirus to find out if it is good or bad.
Here is the video for anyone who wants to see the test results: https://youtu.be/AB4oZXaa4tI&list=UULFUNyU0HewM1JQVVKMAEAfyQ
Ps.: The video has subtitles, title and description in 8 languages. So that anyone can watch and understand what is being explained.
Alonzo5 - 1 month ago
Not sure why anyone is freaking out about yet more idiocy by our government. Just use a VPN. On several workstations I can confirm Kaspersky updates and works just as perfectly as it ever has. Each to his own, but I'll continue to use Kaspersky, because as so many have outlined above and elsewhere, it's one of the very best, if not the best. The U.S. government trying to ban it only CONFIRMS Kaspersky is the best, certainly for those of us in the USA. Everyone else is in bed or under the thumbs of the three letter agencies who are clearly more of a threat to our freedoms than any external government or organization.