antivirus evasion

Tech Optimizer
December 9, 2025
The author wrote a custom reverse TCP payload in Python, packaged it as an ELF executable, and tested how well it evaded antivirus software. The payload supported webcam snapshots, keylogging, screen capture and file transfer. Off-the-shelf obfuscation tools kept tripping antivirus alerts, so the author built the implant from scratch to avoid signature-based detection, keep control of its runtime behaviour, and learn how detection engines work. The payload connected back to the attacker's machine and executed the commands it received, while a listener on that machine processed the returned data. Submitting the compiled binary to VirusTotal produced flags from only four of 64 engines, which the author read as evidence that custom code bypasses many next-generation antivirus products. One caveat a practitioner would add: VirusTotal runs the vendors' command-line scanners against the file at rest, not the full endpoint products with behavioural and memory monitoring, so a low VirusTotal score says little about what an EDR agent would see once the binary connects out and starts capturing the webcam or keystrokes.
Tech Optimizer
July 28, 2025
The cybercriminal landscape is shifting toward malware-as-a-service (MaaS) platforms aimed at Android devices, which let people with minimal technical skill deploy advanced mobile threats through subscription-based malware kits. Notable platforms include PhantomOS, priced at 9 monthly, which offers remote application installation and two-factor authentication bypass, and Nebula, starting at 0 monthly, which automates the extraction of SMS messages, call logs and GPS data. Both use Telegram for command and control, so operators can manage infected devices from a chat client. The platforms advertise their malware as fully undetectable (FUD) against major security products, claim persistence across reboots, and claim compatibility with a range of Android versions up to the current Android 15. The shift marks an industrialisation of cybercrime: specialised providers handle the technical work, and their customers concentrate on finding victims.
Tech Optimizer
December 5, 2024
Researchers at ANY.RUN have identified a zero-day attack campaign, active since at least August 2024, that uses deliberately corrupted files to slip past security controls. The files, typically passed off as ZIP archives or DOCX documents, are damaged so that antivirus engines, sandboxes and email spam filters cannot parse them and let them through unscanned. They still run malicious code when opened, because the target application (Word for a DOCX, an archiver for a ZIP) repairs the damaged file through its built-in recovery mechanism. Conventional antivirus cannot scan the files effectively, static analysis tools fail to process them, and even advanced email filters do not intercept them. ANY.RUN's interactive sandbox executes the files in real time and observes the malicious behaviour that the static tools miss. The chain is: a corrupted file arrives by email, security tools fail to parse it and raise nothing, the application's recovery path restores and opens it, and only dynamic analysis catches what it does. The practical lesson is that a file a scanner cannot parse should be treated as suspicious rather than clean, and that detection needs a dynamic or recovery-aware pass rather than a strict parse alone.
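The scanner gap described above, as an added example and not ANY.RUN's code or anything taken from the campaign: the Python below builds a constructed DOCX-like ZIP in memory, zeroes its end-of-central-directory signature so that a strict parser (`zipfile`) rejects it as not a ZIP at all, and then recovers the entries by walking the local file headers front to back, which is how a repair path can still get at the content. The recovery walk is the example's own approximation of an application's repair logic, not Word's or any archiver's algorithm, and the `word/vbaProject.bin` indicator is the example's choice of what a recovery-aware scanner would look for.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample: the entries of a minimal macro-carrying Office document.
# DOCX/DOCM files are ZIP archives; word/vbaProject.bin is where VBA macros live.
SAMPLE_ENTRIES = {
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body/></w:document>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0" + b"constructed stand-in for a macro stream",
}

LOCAL_HEADER = "<4sHHHHHIIIHH"          # ZIP local file header, 30 bytes
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER)
FLAG_DATA_DESCRIPTOR = 0x0008


def build_docx_like(entries):
    """Write the entries into an in-memory ZIP laid out like a DOCX."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def corrupt_end_of_central_directory(blob):
    """Zero the End of Central Directory signature. Strict parsers locate entries
    through this record and give up when it is missing; the local file headers
    and the compressed data are left untouched, so the content is still there."""
    eocd = blob.rfind(b"PK\x05\x06")
    if eocd == -1:
        raise ValueError("not a ZIP: no end-of-central-directory record")
    return blob[:eocd] + b"\x00\x00\x00\x00" + blob[eocd + 4:]


def recover_entries(blob):
    """Lenient parse (hypothetical repair path): walk the local file headers and
    inflate each entry whose CRC checks out, ignoring the central directory."""
    entries = {}
    pos = 0
    while True:
        pos = blob.find(b"PK\x03\x04", pos)
        if pos == -1 or pos + LOCAL_HEADER_LEN > len(blob):
            break
        (_sig, _ver, flags, method, _mtime, _mdate, crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_HEADER, blob, pos)
        name_start = pos + LOCAL_HEADER_LEN
        name = blob[name_start:name_start + name_len].decode("utf-8", "replace")
        data_start = name_start + name_len + extra_len
        pos = data_start
        if flags & FLAG_DATA_DESCRIPTOR:
            continue                      # sizes follow the data; not handled here
        raw = blob[data_start:data_start + csize]
        try:
            if method == 0:
                data = raw                # stored
            elif method == 8:
                data = zlib.decompress(raw, -15)   # raw DEFLATE, no zlib header
            else:
                continue
        except zlib.error:
            continue
        if zlib.crc32(data) & 0xFFFFFFFF == crc:
            entries[name] = data
        pos = data_start + csize
    return entries


def triage(blob):
    """Classify a ZIP-based document. A scanner that stops at the strict parse
    reports the corrupted sample as unparseable and never sees its macro
    container; the recovery pass closes that gap."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return "intact", zf.namelist()
    except zipfile.BadZipFile:
        recovered = recover_entries(blob)
        if recovered:
            return "corrupt-but-recoverable", sorted(recovered)
        return "unparseable", []


def macro_indicators(names):
    """Entry names that warrant a closer look: VBA project storage."""
    return [n for n in names if n.lower().endswith("vbaproject.bin")]


if __name__ == "__main__":
    good = build_docx_like(SAMPLE_ENTRIES)
    bad = corrupt_end_of_central_directory(good)
    for label, blob in (("intact", good), ("corrupted", bad)):
        verdict, names = triage(blob)
        print(label, "->", verdict, macro_indicators(names))
```

The strict `zipfile` parse fails on the corrupted blob with "File is not a zip file", which is exactly where a parser-driven scanner would stop; the recovery walk still returns every entry, including the macro container, so a verdict of "corrupt-but-recoverable" with a macro indicator is the signal to route the file to dynamic analysis rather than pass it as clean.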
Tech Optimizer
June 10, 2024
Cybersecurity researchers have found a new version of the Raspberry Robin malware that evades antivirus detection. Observed in a campaign in March 2024, it is built to get around Microsoft Defender Antivirus exclusion rules, which makes it hard to catch, and at the time of analysis its scripts were undetected by the antivirus scanners on VirusTotal. Raspberry Robin, also tracked as the QNAP worm, was first identified in September 2021 and spread through infected USB drives.