antivirus software Archives

Tech Optimizer

May 23, 2025

Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection

The AhnLab Security Intelligence Center (ASEC) has identified a new strain of backdoor malware that works with a Monero coin miner, utilizing the PyBitmessage library for covert P2P communications. This malware uses encryption to secure data exchanges and anonymize identities, complicating detection by security tools. It decrypts resources using XOR operations to deploy a Monero miner and a backdoor component. The Monero miner exploits the cryptocurrency's anonymity, while the backdoor, created with PowerShell, installs PyBitmessage and retrieves files from GitHub or a Russian file-sharing platform. Commands are executed as PowerShell scripts, making detection difficult. The malware may be distributed as legitimate software or cracked files. ASEC advises caution with unverified files and recommends keeping security solutions updated. Indicators of Compromise (IOCs): - MD5: 17909a3f757b4b31ab6cd91b3117ec50 - MD5: 29d43ebc516dd66f2151da9472959890 - MD5: 36235f722c0f3c71b25bcd9f98b7e7f0 - MD5: 498c89a2c40a42138da00c987cf89388 - MD5: 604b3c0c3ce5e6bd5900ceca07d587b9 - URLs: - http://krb.miner.rocks:4444/ - http://krb.sberex.com:3333/ - http://pool.karbowanec.com:3333/ - http://pool.supportxmr.com:3333/ - https://spac1.com/files/view/bitmessage-6-3-2-80507747/

Winsage

May 22, 2025

Hackers can disable Windows Defender

A new tool called Defendnot can disable Windows Defender by masquerading as another antivirus program, exploiting a limitation of the Windows operating system that prevents multiple antivirus solutions from running simultaneously. When Defendnot is installed, Windows automatically disables Defender, leaving systems vulnerable. Cybersecurity experts recommend using robust antivirus solutions like TotalAV for additional security.

Tech Optimizer

May 21, 2025

Defendnot Disarms Windows Defender by Pretending to Be a Friend

A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It alters the system to appear as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.

Tech Optimizer

May 20, 2025

Bitcoin stealer malware found in official printer drivers

Procolored, a printer manufacturer based in Shenzhen, has been accused of distributing malware designed to steal Bitcoin through its printer drivers. The malware, embedded in USB drivers, has reportedly stolen approximately 9.3 BTC, valued at over 3,000. A backdoor program in the compromised drivers can hijack wallet addresses copied to the clipboard. Users are advised to conduct system scans and consider a complete system reset. The issue was first highlighted by YouTuber Cameron Coward, whose antivirus software flagged the malware. Procolored denied the allegations but later acknowledged the problem, stating they removed the infected drivers and attributed the malware to a supply chain compromise. Cybersecurity firm G-Data confirmed the presence of two types of malware in the drivers.

Tech Optimizer

May 20, 2025

Shuswap resident scammed out of $9,000 by fake antivirus software representative

A resident of Blind Bay lost ,000 in a computer fraud scheme after being persuaded by a caller claiming to represent Norton antivirus. The victim, whose identity is confidential, was convinced to withdraw money from her bank account and deposit it into a Bitcoin account. Local police are investigating the case and have highlighted the importance of public awareness regarding such scams. Resources for recognizing and avoiding fraud include the BC RCMP Frauds and Scams, Canadian Anti-Fraud Centre, Canadian Telecoms Association, and Competition Bureau of Canada.

Tech Optimizer

May 19, 2025

This new Defendnot trojan can get Windows to disable its own antivirus software

A researcher using the pseudonym es3n1n has created a tool called Defendnot that manipulates Windows operating systems to disable Microsoft Defender, making devices vulnerable to malware. Defendnot simulates the presence of a legitimate antivirus by using an undocumented API in the Windows Security Center, convincing Windows that a valid antivirus is installed. This development raises concerns about cybersecurity, as it undermines the effectiveness of built-in antivirus protections like Windows Defender.

Tech Optimizer

May 19, 2025

A spoof antivirus makes Windows Defender disable security scans

A researcher known as es3n1n explored Windows security mechanisms to bypass antivirus software validation checks in the Windows Security Center (WSC). He used tools like dnSpy and Process Monitor to analyze how legitimate antivirus solutions register with WSC. He confirmed that WSC validates the signatures of processes calling its APIs. Previously, es3n1n faced controversy when his project, no-defender, was removed from GitHub due to a DMCA takedown request from a software vendor.

Tech Optimizer

May 18, 2025

Do I need antivirus software for Windows 11?

Windows 11 accounts for nearly 44% of global desktop users as of April 2025, making it a prime target for cybercriminals, with 83% of malware in 2020 aimed at Windows systems. Microsoft Defender, which comes pre-installed with Windows 11, offers commendable malware protection, basic ransomware protection, a SmartScreen feature for anti-phishing, and a firewall that monitors network traffic. While it provides a solid foundation for security, additional third-party antivirus software can enhance protection, offering more comprehensive features such as superior parental controls, integrated VPN services, and identity theft protection.

Tech Optimizer

May 17, 2025

Do You Really Need Antivirus on Windows 11? Probably Not—Here’s Why

Windows 11 has robust built-in security features that may reduce the need for third-party antivirus software. Windows Security now offers comprehensive protection, including real-time malware detection, firewall protection, SmartScreen alerts, hardware-level security, account monitoring, and system health reports. According to AV-TEST results from January and February 2025, Microsoft Defender Antivirus scored 6.0/6.0 in protection, performance, and usability, effectively stopping advanced malware and phishing attempts with minimal system resource usage. Users of Microsoft Edge benefit from SmartScreen filtering, while those using other browsers receive system notifications for network protection. Basic digital hygiene practices, such as avoiding suspicious downloads and keeping software updated, are crucial for security. Third-party antivirus solutions may offer additional features but can lead to performance issues and privacy concerns. For casual users who maintain their systems and practice safe browsing, Windows Security is generally sufficient, while those handling sensitive information or needing advanced features may consider premium antivirus options.

Tech Optimizer

May 17, 2025

New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender

A tool named Defendnot can disable Microsoft Defender on Windows devices by registering a counterfeit antivirus product using an undocumented Windows Security Center (WSC) API. Developed by researcher es3n1n, it exploits the API to register a fictitious antivirus that meets Windows' validation criteria, leading to the automatic disabling of Microsoft Defender. Defendnot circumvents security measures by injecting a dummy antivirus DLL into the trusted Taskmgr.exe process. It also includes a loader for configuration customization and establishes an autorun entry through the Windows Task Scheduler for persistence. Microsoft Defender currently detects and quarantines Defendnot as a Win32/Sabsik.FL.!ml.