
Kaspersky Security Flaw Exposes Millions to Hacks


The Kaspersky security flaw is a recent discovery by German reporter Ronald Eikenberg.

He revealed a security flaw in Kaspersky Antivirus that leaves millions of users exposed to cyber-espionage and more aggressive cyberattacks.

As reported by Jeb Su, an executive officer at Atherton Research, Eikenberg made his discovery while testing the antivirus for a publication. During the test, he noticed a strange feature in the HTML source code of a website. After further investigation, he discovered that Kaspersky was injecting JavaScript into the pages of websites, creating a loophole for cyber-espionage while exposing users to cyberattacks.

According to Eikenberg (as reported by Jeb Su), the JavaScript injection was an attempt to establish interaction between the antivirus and the browsers on host computers. However, cybercriminals are leveraging the resulting loophole, subverting the developers’ original intention.

Surprisingly, this feature has been around for about three years now (since 2016), and it’s believed that millions of Kaspersky users, particularly those using Windows, have been victims of cyber-espionage occasioned by the “Kaspersky security flaw”.

The imminence of cyberattacks from the Kaspersky security flaw

The injection of JavaScript into users’ webpages was classified as a “privacy breach” by Ronald Eikenberg. According to the German reporter, the script allows Kaspersky to sniff users’ web traffic; this way, they gain firsthand knowledge about users’ browsing experience.

Furthermore, Eikenberg stressed that ‘even the incognito mode offers no protection against Kaspersky’s tracking’. This, of course, is a serious privacy breach by Kaspersky. And it’s believed that hackers have been leveraging this breach since 2016 to spy on millions of users. Worse still, users are greatly at risk of more aggressive cyberattacks.

Kaspersky Labs’ response

In response to this damning revelation by Eikenberg, Kaspersky Labs “feigned” ignorance of the security flaw. The security company claimed they lacked prior knowledge of the leak created by the “JavaScript” feature.

In their words, as made available by Atherton Research: Kaspersky is working on fixing the security flaw.

The released patch & Atherton’s recommendation

Kaspersky Labs made good on their promise by releasing a patch to fix the leak. The patch assigns a uniform identifier to all Kaspersky Antivirus users. This makes it much more difficult to access an individual’s personal information. Nonetheless, users are still exposed, as hackers can easily determine whether a user is using the patched version or not.

Ultimately, to avoid the “Kaspersky security flaw” and eliminate the associated risks, users are advised to disable the “spy JavaScript”. This can be done manually in the antivirus program’s settings.

Kaspersky fixed the bug 24 hours after the flaw was discovered.

Chandra Palan
Chandra Palan is an Indian-born content writer, currently based in Australia with her husband and two kids. She is a passionate writer and has been writing for the past decade, covering topics ranging from technology, cybersecurity, data privacy and more. She currently works as a content writer for SecureBlitz.com, covering the latest cyber threats and trends. With her in-depth knowledge of the industry, she strives to deliver accurate and helpful advice to her readers.

