1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Another devious antivirus killer tool has been found - so make su

    From TechnologyDaily@1337:1/100 to All on Friday, August 15, 2025 16:45:07
    Another devious antivirus killer tool has been found - so make sure you're protected

    Date:
    Fri, 15 Aug 2025 15:36:00 +0000

    Description:
    AV-killing tools are gaining popularity but there are ways to mitigate the threat.

    FULL STORY ======================================================================Crypto24
    ransomware group was seen disabling AV protection before deploying the encryptor In some cases, it can even uninstall the AV programs A layered defense is the best approach to mitigate the threat

    Security researchers have found another antivirus -killing tool out there
    that hackers are using before dropping any additional payloads.

    Experts from Trend Micro have uncovered custom variant of the open source
    tool called RealBlindingEDR.

    This tool comes with a hardcoded list of antivirus company names:

    Trend Micro
    Kaspersky
    Sophos
    SentinelOne
    Malwarebytes
    Cynet
    McAfee
    Bitdefender
    Broadcom (Symantec)
    Cisco
    Fortinet
    Acronis

    When it is deployed on a device, it looks for these names in driver metadata, and if it finds one, it disables kernel-level hooks/callbacks, essentially blinding detection engines. Trend Micros researchers found the hackers are also able to silently uninstall antivirus programs altogether, opening the doors and enabling easy deployment of stage-two malware . Crypto24

    The tool was seen in the wild, used by a hacking collective called Crypto24,
    a nascent ransomware group first spotted in September 2024.

    However, the researchers believe the group consists of former members of other, defunct hacking collectives, since its members are highly skilled and experienced.

    When it gains initial access, establishes persistence, and removes antivirus roadblocks, the group usually deploys two pieces of malware - a keylogger,
    and an encryptor. All of the stolen secrets are exfiltrated into a Google Drive using a custom tool.

    The identity, or location, of Crypto24 is currently unknown. However, researchers are saying that in its short lifespan, the group successfully hit a number of large organizations in the United States, Europe, and Asia. Most of their targets are in finance, manufacturing, tech, and entertainment.

    There are many ways to protect against attacks looking to disable antivirus protection, including opting for a layered defense strategy.

    Companies can use a reputable antivirus with tamper protection, enable real-time protection and firewalls, and use a separate anti-malware tool that can work alongside an AV.

    Via BleepingComputer You might also like Top antivirus tools targeted by "killer" malware Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/another-devious-antivirus-killer-tool-h as-been-found-so-make-sure-youre-protected


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)