Alleged Antivirus Killer Software Is Actually A Disguised BYOVD
A threat actor using the name Spyboy is advertising a tool called "Terminator" on a Russian-speaking hacking forum, claiming that it can bypass various antivirus, Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) security solutions, including Windows Defender, at prices ranging from $300 to $3,000 per feature. However, according to cybersecurity firm CrowdStrike, Terminator instead drops the legitimate, signed Zemana anti-malware kernel driver named into the Windows system folder and abuses the driver's kernel privileges to kill the user-mode processes of security software, a classic Bring Your Own Vulnerable Driver (BYOVD) technique. A proof of concept released in 2021 demonstrated that flaws in the driver could be exploited to execute commands with Windows kernel privileges, which is enough to terminate otherwise protected security software processes.
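Because the driver Terminator drops is legitimately signed and placed in the Windows system folder, a detection that only checks "is the driver signed?" or "was it loaded from the drivers directory?" will not notice it. The following added example (not code from the page, CrowdStrike, or any named tool) shows defender-side triage logic over driver-load events shaped like Sysmon Event ID 6 (fields ImageLoaded, Hashes, Signed, Signature, SignatureStatus). It combines a hash blocklist with a watched-publisher list so that a validly signed driver from a known-abused vendor is still flagged. The sample events, the publisher string in the sample, and the blocklist hash are constructed placeholders; in practice the SHA256 values would come from a vetted source such as Microsoft's vulnerable driver blocklist.

```python
"""Triage kernel-driver load events for BYOVD risk indicators.

Records mimic the fields of Sysmon Event ID 6 (Driver Loaded).
All sample events and blocklist entries below are constructed
placeholders for illustration, not real indicators.
"""
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical blocklist of SHA256 hashes of known-vulnerable drivers.
# Real deployments would load this from a curated feed, not hard-code it.
KNOWN_VULNERABLE_SHA256 = {
    "0000placeholder_sha256_of_a_known_vulnerable_driver0000",
}

# Publishers whose legitimately signed drivers are known to be abused.
# The page names Zemana; matching is a case-insensitive substring test.
WATCHED_SIGNERS = ("zemana",)

# Directory from which Windows normally loads kernel drivers.
TRUSTED_DRIVER_DIR = r"c:\windows\system32\drivers"


@dataclass
class DriverLoadEvent:
    image_loaded: str       # full path of the loaded driver image
    hashes: str             # Sysmon style: "SHA256=...,MD5=..."
    signed: bool
    signature: str          # publisher name from the Authenticode signature
    signature_status: str   # "Valid", "Invalid", ...


def parse_hashes(field: str) -> Dict[str, str]:
    """Split Sysmon's 'ALG=hex,ALG=hex' hash field into a dict."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def assess(event: DriverLoadEvent) -> List[str]:
    """Return the list of risk reasons for one driver-load event (empty = benign)."""
    reasons: List[str] = []
    sha256 = parse_hashes(event.hashes).get("SHA256", "")
    if sha256 in {h.lower() for h in KNOWN_VULNERABLE_SHA256}:
        reasons.append("hash on vulnerable-driver blocklist")
    if any(s in event.signature.lower() for s in WATCHED_SIGNERS):
        reasons.append("signed by watched publisher")
    if not event.image_loaded.lower().startswith(TRUSTED_DRIVER_DIR + "\\"):
        reasons.append("loaded from outside the system drivers directory")
    if not event.signed or event.signature_status.lower() != "valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def scan(events: List[DriverLoadEvent]) -> Dict[str, List[str]]:
    """Map each driver path to its risk reasons."""
    return {e.image_loaded: assess(e) for e in events}


def demo_events() -> List[DriverLoadEvent]:
    """Constructed sample events: one benign, one BYOVD-style, one odd path."""
    return [
        DriverLoadEvent(
            r"C:\Windows\System32\drivers\ndis.sys",
            "SHA256=1111constructed_benign_hash1111,MD5=2222",
            True, "Microsoft Windows", "Valid"),
        # Signed, valid, and in the system folder: only the hash and
        # publisher checks catch it. Publisher string is a constructed sample.
        DriverLoadEvent(
            r"C:\Windows\System32\drivers\sample_am.sys",
            "SHA256=0000placeholder_sha256_of_a_known_vulnerable_driver0000,MD5=3333",
            True, "Zemana (constructed sample publisher)", "Valid"),
        DriverLoadEvent(
            r"C:\Users\Public\temp\loader.sys",
            "SHA256=4444constructed_hash4444,MD5=5555",
            True, "Some Vendor", "Valid"),
    ]


if __name__ == "__main__":
    for path, reasons in scan(demo_events()).items():
        print(path, "->", reasons or ["no indicators"])
```

The middle sample event is the case the page describes: every naive check passes, and only the blocklist hash and the watched-publisher match produce an alert, which is why both lists need to be maintained from external intelligence rather than derived from signature validity.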