US Kaspersky customers report replacement antivirus forcibly installed following ban

Customers woke up to entirely new software installed on their computers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Kaspersky customers in the US have found theirantivirus softwarehas been replaced without warning with a new solution called UltraAV.

The US government recentlypassed a law banning the sale of Kaspersky security softwareand the subsequent updates for installed software, resulting in the company’s exit from the US market.

Customers reported on social media that the update was pushed without the ability to accept or decline UltraAV, despite notification emails supposedly being sent at least a few weeks prior to the update.

Demonstration of Kaspersky danger

The US has long argued Kaspersky software is at risk of being manipulated by the Russian government to hand over secrets and control of the computers it is installed on, with an initial ban on Kaspersky products from being used within federal agencies being followed by a complete commercial sales ban from July 20, and finally with a Federal Communications Commission (FCC)ban on the use of Kaspersky software within telecommunicationsequipment at the beginning of September 2024.

At around the same time as the FCC ban,Axios reportedthat Kaspersky had offloaded its antivirus customers to the Pango Group, which owns UltraAV.

Kaspersky confirmed the transition in a post by Vadim M. on the company’s forum, stating, “Kaspersky has additionally partnered with UltraAV to make the transition to their product as seamless as possible, which is why on 9/19, U.S. Kaspersky antivirus customers received a software update facilitating the transition to UltraAV. This update ensured that users would not experience a gap in protection upon Kaspersky’s exit from the market.”

Former National Security Agency director of cybersecurity, Rob Joyce, commented on the transition onX(formerly Twitter), saying, “This is why handing root-level access to Kaspersky was a huge risk. Users were “migrated” - software uninstalled and a totally different product was installed automagically. They had total control of your machine.” It is worth noting that many antivirus products and anti-cheat software commonly use root-level access to scan for harmful files or software used to cheat in games.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

A spokesperson for UltraAV toldTechRadar Prothat Kaspersky customers were notified multiple times both by Kaspersky and UltraAV both through the Kaspersky app, emails, and through the Kaspersky site. Additionally, “The transition of Kaspersky users to UltraAV was managed directly by Kaspersky; UltraAV could only contact the customers once they formally transitioned and became customers of UltraAV,” the spokesperson said.

“Following the communications from Kaspersky, customers had the ability to cancel their accounts directly with Kaspersky customer service and therefore, would not be switched over. If customers have already signed up with another AV provider and did not cancel their accounts, they can opt out of UltraAV and work with thecustomer service teamto cancel and uninstall their account if they do not want to move forward with the service,” the spokesperson said.

The Kaspersky notification email notes that customers who have maintained their antivirus plan and transitioned over to UltraAV will have access to apassword manager,VPN, andidentity theft protection.

ViaTechCrunch

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Mount-It Electric Standing Desk review

One more AMD eGPU docking station goes on sale — but it doesn’t have USB 4.0, can’t accommodate an M.2 SSD and requires an OCuLink connector to feed the RX 7600M XT chip

7 myths about email security everyone should stop believing