Last week, users of Kaspersky anti-virus software found that the software had been uninstalled from their computers and that UltraAV's anti-virus had been installed in its place. The users had not consented to or initiated any of it.
Kaspersky anti-virus was banned on government computers in 2017 and will be banned entirely in the United States on September 29th due to the company's connections to Russia. Kaspersky had indicated that it would "gradually wind down" its US operations. Users were notified earlier this month via e-mail that they would "be able to maintain reliable cybersecurity protection from our trusted partner – UltraAV," with further instructions to follow.
However, users on the forums at BleepingComputer and elsewhere found the new software installed without any action on their part:
"I woke up and saw this new antivirus system on my desktop and I tried opening kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which uninstalled kaspersky somehow," one user said.
To make things worse, while some users could uninstall UltraAV using the software's uninstaller, those who tried removing it using uninstall apps saw it reinstalled after a reboot, causing further concerns about a potential malware infection.
Some also found UltraVPN installed, likely because they had a Kaspersky VPN subscription
It is certainly possible that there was no nefarious intent, and Kaspersky was only trying to ease the transition for their customers. However, essentially hijacking their PCs is not a good look for a cybersecurity company and is not likely to instill confidence in UltraAV.
Previously: Russian software security firm Kaspersky threatened to 'rub out' rival, email reveals