Antivirus

Your antivirus is under attack from new “killer” tool – here’s what we know


  • EDRKillShifter is getting a dangerous upgrade
  • The new malware can disable AV and EDR from reputable vendors
  • Sophos, Bitdefender, and Kaspersky among the tools being targeted

Cybercriminals appear to have improved their antivirus-killing capabilities, as recent research suggests a new tool is being shared within the underground community.

In a new report, security researchers from Sophos said multiple ransomware groups are successfully disabling endpoint detection and response (EDR) systems before deploying the encryptor.

Originally, the group known as RansomHub developed a tool called EDRKillShifter, which Sophos says is now made obsolete thanks to this new and improved variant. The new tool can disable security software from multiple high-end vendors such as Sophos, Bitdefender, and Kaspersky.

Shifting strategies

The malware is often packed using a service called HeartCrypt, which obfuscates the code to evade detection.

Sophos found the attackers are using all sorts of obfuscation and anti-analysis techniques to protect their tools from security defenders, and in some cases, they’re even using signed drivers (either stolen or compromised).

In one case, the malicious code was embedded inside a legitimate utility, Beyond Compare’s Clipboard Compare tool, the researchers explained.

Sophos also said that multiple ransomware groups are using this new EDR-killing tool, suggesting a high level of collaboration between players.

EDRKillShifter was first spotted in mid-2024, after a failed attempt to disable an antivirus and deploy ransomware.

Sophos then uncovered that the malware dropped a legitimate, but vulnerable driver.

Now, it seems there is a new method – taking an already legitimate executable and modifying it locally by inserting malicious code and payload resources (as was the case with Beyond Compare’s tool). This is often done after the attacker has access to a


Your antivirus is probably slowing your PC more than protecting it

Antivirus is one of the first things most people install on a new PC. After all, nobody wants malware ruining their PC or, worse, stealing their data. And to be fair, most popular antivirus suites do a decent job of protecting your PC. But the problem is, they aren’t exactly optimized to be lean or lightweight. And things have become even worse ever since antivirus suites have started bundling extras like VPNs, parental controls, and browser add-ons.

All of this leaves the apps and games you actually use with fewer resources, which causes frequent slowdowns and even lag. So the uncomfortable irony is that the software meant to protect your PC ends up being the very thing holding it back.

How antivirus software can slow down your PC

When constant protection becomes constant pressure

Antivirus programs love to present themselves as silent protectors. Always watching, always keeping you safe, and never getting in your way. Sure enough, part of this is true. They work in the background, but not without impact.

Antivirus programs work by scanning files as they are opened, downloaded, copied, or modified. That means every app you launch and every document you touch triggers a quick inspection. There are also the scheduled scans, which often run when you least expect them. So if your PC has ever felt slow, even when you’ve got nothing running, it’s probably the antivirus program combing through your files in the background.

Now, the performance hit isn’t the same every time. During light, routine scans, the impact can be minimal, anywhere from 0 to 20 percent. However, during full or partial scans, this can rise to as high as 50 percent. The impact also varies depending on the antivirus program you’re using. Some are lightweight and efficient, while others are far more demanding.

Most of the time, you may not even notice this slowdown. But as soon as you start gaming, editing videos, or running any resource-intensive apps, the story will change. That’s when both your app or game and antivirus program start to compete for the same system resources, and the performance takes a hit.

To make matters worse, modern antivirus rarely sticks to just antivirus duties. Most of them come bundled with all sorts of extras, like VPNs, password managers, and system optimizers. All of these extras run separate processes. So yes, it’s not just one program you’re dealing with. Your PC is actually running multiple different programs under a single name.

You can verify if the antivirus is the bottleneck

Be sure before you act


If you’re struggling to play tactics sim Menace, it could be because your antivirus is randomly deleting files

This week saw the early access launch of turn-based tactics game Menace, created by the piss-swigging misanthropes behind Battle Brothers. Julian has been having a wonderful time playing it and learning about the importance of spare ammo and adequate reconnaissance. It could have been worse, Julian…


You don’t need to pay for third-party antivirus software to protect your PC anymore

Summary

  • Most consumer devices already come with strong default security measures equivalent to or better than third-party software.
  • Common vectors of attack for malware are already blocked by modern systems before they even reach your antivirus program.
  • Individual consumer PCs are not a primary target for cybercriminals, and cyberattacks are often conducted by exploiting vulnerabilities against third-party software, not the computer OS itself.

Do you still pay for third-party antivirus software like Norton or McAfee? You may be surprised to learn that there’s no real benefit to doing so. Software like this is mostly obsolete today.

Who pays for third-party antivirus software, and why?

It might sound like a bold claim, saying that you don’t need third-party antivirus software anymore. After all, recent statistics show that roughly half of American consumers use such programs. Interestingly enough, those same statistics also show that users over 65 are more than twice as likely to subscribe to paid antivirus software as those under 45.

Why is that? Well, there is certainly more than one reason, but a big one is simply misunderstanding and tradition.

In the past, having third-party antivirus software was prudent, almost mandatory to keep your computer safe. Some people who grew up in that era are comfortable with the idea of paying for these subscriptions, not realizing that things have changed: your computer protects itself just fine these days.

Not only do computers come out of the box equipped with incredibly good security these days, but most malware threats aren’t even targeting individual consumers. But you don’t have to take my word for it right away. Let’s dive into this in more detail.

Default security measures are more than enough today

All of your consumer devices come with default protection right off the shelf. With iOS and Android, their official app stores weed out malware and keep you safe. Mac has been using XProtect anti-malware for more than a decade, and it has an excellent record.

A screen showing an update for Windows Defender on Windows 11. Credit: Microsoft

Windows has Microsoft Defender Antivirus, which has consistently aced security tests run by third-party organizations. Since around seven years ago, Defender Antivirus has consistently earned perfect or near-perfect scores in protecting your PC.

Needless to say, that’s as good as it gets, and the program comes free with your Windows computer. There’s no paid antivirus software that can outperform this free, default option from Microsoft. They may offer more features, but not more practical benefits. But even beyond these built-in systems, there are other re


AV vendor goes to war with security shop over update server scare

eScan lawyers up after Morphisec claimed ‘critical supply-chain compromise’

A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month…
