Ahead of its looming U.S. ban, Kaspersky has automatically replaced its antivirus software with UltraAV on customers’ computers. This change, which is limited to the United States, occurred without warning or customer consent.

A software update issued on September 16th triggered the antivirus swap-out. An employee wrote on the Kaspersky forums that UltraAV, a relatively unknown antivirus software from Pango Group, “will ensure continued protection for U.S.-based customers that will no longer have access to Kaspersky’s protections.” However, many customers rightfully mistook their new antivirus software for malware.

“Users were ‘migrated’—software uninstalled and a totally different product was installed automagically,” former NSA cybersecurity director Rob Joyce pointed out on X. “They had total control of your machine.” No warnings were provided for Windows users, but people using Kaspersky on Mac and Android were spared from an automatic transition and simply asked to install UltraAV.

Those with a Kaspersky VPN subscription saw Pango Group’s UltraVPN app installed, too. “If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device and you will be able to leverage all of the additional premium features,” Kaspersky wrote in an email blast to its U.S. customers.

While there is nothing immediately suspicious about UltraAV, it’s an unknown app and an unannounced guest. Customers are rightfully concerned by Kaspersky’s ability to automatically install this app on their computers. They’re right to question Kaspersky’s obscure forebear, too.

Bleeping Computer also found that Pango Group, which owns three VPN apps (Hotspot Shield, UltraVPN, and Betternet), runs a VPN review website called Comparitech. This behavior is completely inappropriate for a cybersecurity company and should raise eyebrows.

We suggest that you uninstall UltraAV immediately. Unfamiliar applications should not have root access to your machine, especially applications that install themselves without warning or consent. Third-party uninstallers do not appear to permanently remove the application, so you may need to use the app’s official uninstaller.

Kaspersky will be formally banned in the United States on September 29th, 2024. As a Russian-based group, Kaspersky found itself on the government’s Entity list of companies that could pose a risk to national security. Some cybersecurity experts now point to the Kaspersky-UltraAV swap-out as evidence of this risk.

Source: Bleeping Computer