US-based Kaspersky users startled by unexpected UltraAV installation
A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any action on their part.
What happened?
Earlier this year, for national security reasons, the US Department of Commerce announced a US-wide ban of Kaspersky AV solutions, to be finalized in late September 2024. Consumers and organizations using Kaspersky software were urged to transition to using software by other vendors.
Earlier this month, Kaspersky began notifying users of a partnership with US-based antivirus provider UltraAV – a division of the Pango Group – and a planned transition from one solution to another, but failed to explain how it would happen.
The email notifications, which some users received and others claim not to have, said that UltraAV would be in touch with instructions on how to activate the users’ new account.
Unfortunately, UltraAV failed to contact customers and relied on Kaspersky’s email and in-app notifications to prepare them for the “handover” that happened on September 19, when they – according to Kaspersky – “received a software update facilitating the transition to UltraAV.”
When UltraAV appeared on their computers without them having installed it, many users believed that they had been saddled with malware and possibly hacked, and took to Reddit and the Kaspersky forum to complain and ask for advice on how to remove it.
A matter of trust
UltraAV’s FAQ page says that UltraAV has been activated on Windows computers, but Mac, Android and iOS users must download it themselves. It also explains how users’ Kaspersky accounts have been migrated and that their billing schedule with UltraAV will be the same as with Kaspersky.
But the fumbled handover is sure to spook many into canceling their subscription and uninstalling UltraAV – as well as UltraVPN (for those who had a Kaspersky VPN subscription) – especially because UltraAV is an unknown quantity for many.
As former NSA Director of Cybersecurity Rob Joyce noted, this event has proven “why handing root-level access to Kaspersky was a huge risk.”
I expect many users – and not just those who used Kaspersky – have been shocked by the realization that an AV solution could install additional software without their permission. Which is why – Joyce opined – “you need to be paranoid about who you are giving that level of trust and control.”