Russian cybersecurity firm Kaspersky has implemented a significant change by removing its anti-malware software from the computers of its US customers, replacing it automatically with UltraAV’s antivirus solution.
This development follows Kaspersky’s announcement of the cessation of its US operations, which includes layoffs of employees located in the country. The decision comes in the wake of the US government’s addition of Kaspersky to the Entity List, a roster of foreign entities deemed a national security risk, in June this year.
Kaspersky US troubles continue
On 20 June, the Biden administration declared a ban on the sale and software updates for Kaspersky’s antivirus software in the country, effective from 29 September 2024 due to concerns over national security.
Subsequently, the Russian company was reported to have disclosed that it would begin winding down its US business and initiate staff layoffs starting 20 July, following the sales and distribution ban.
Earlier this month, Kaspersky assured its customers through an email that they would continue to receive reliable cybersecurity protection via UltraAV, a product of the Pango Group. However, the communication failed to mention that Kaspersky’s products would be abruptly uninstalled from users’ computers and replaced with UltraAV.
Pango Group manages various VPN brands, including Hotspot Shield, Betternet, as well as Comparitech, a website that reviews VPN software. Earlier this month, Pango Group agreed to acquire Kaspersky’s US antivirus customers, as per a story broken by Axios.
Various reports from customers online indicate that UltraAV was installed without prior notification. Many users expressed alarm, fearing their devices may have been compromised by malware.
While some users could uninstall UltraAV with its uninstaller, others found that attempts to remove it through standard uninstallation methods resulted in the software being reinstalled after a reboot. These raised further suspicions about potential malware infections.
Additionally, some customers reported the unexpected installation of UltraVPN, likely linked to existing Kaspersky VPN subscriptions.
According to UltraAV’s website, Kaspersky’s paid customers will have UltraAV protection activated on their devices after the transition is complete, with access to additional premium features.
The site cautions that from 30 September 2024, Kaspersky will no longer provide support or updates, placing users at increased risk of cybercrime.
A Kaspersky employee provided clarification on the company’s forums regarding the forced transition to UltraAV, stating that Kaspersky partnered with the antivirus provider to ensure continued protection for US customers.
The employee explained that on 19 September, US Kaspersky antivirus customers received a software update to facilitate the transition to UltraAV, designed to prevent any gaps in protection as Kaspersky exits the market.