Antivirus

Tech Optimizer
May 23, 2025
Cloudflare, in collaboration with Microsoft and international law enforcement, has dismantled the infrastructure of LummaC2, an information-stealing malware service. This initiative led to the seizure and blocking of malicious domains and disrupted digital marketplaces used by criminals. Lumma Stealer operates as a subscription service providing threat actors access to a central panel for customized malware builds and stolen data retrieval. The stolen information includes credentials, cryptocurrency wallets, and sensitive data, posing risks of identity theft and financial fraud. Lumma Stealer was first identified on Russian-language crime forums in early 2023 and has since migrated to Telegram for distribution. Its proliferation is facilitated by social engineering campaigns, including deceptive pop-ups and bundled malware in cracked software. Cloudflare implemented measures to block access to Lumma's command and control servers and collaborated with various authorities to prevent the criminals from regaining control. Mitigation strategies for users include restricting unknown scripts, limiting password storage in browsers, and using reputable endpoint protection tools. The operation has significantly hindered Lumma's operations and aims to undermine the infostealer-as-a-service model contributing to cybercrime.
Tech Optimizer
May 23, 2025
The AhnLab Security Intelligence Center (ASEC) has identified a new strain of backdoor malware that works with a Monero coin miner, utilizing the PyBitmessage library for covert P2P communications. This malware uses encryption to secure data exchanges and anonymize identities, complicating detection by security tools. It decrypts resources using XOR operations to deploy a Monero miner and a backdoor component. The Monero miner exploits the cryptocurrency's anonymity, while the backdoor, created with PowerShell, installs PyBitmessage and retrieves files from GitHub or a Russian file-sharing platform. Commands are executed as PowerShell scripts, making detection difficult. The malware may be distributed as legitimate software or cracked files. ASEC advises caution with unverified files and recommends keeping security solutions updated.
Indicators of Compromise (IOCs):
- MD5: 17909a3f757b4b31ab6cd91b3117ec50
- MD5: 29d43ebc516dd66f2151da9472959890
- MD5: 36235f722c0f3c71b25bcd9f98b7e7f0
- MD5: 498c89a2c40a42138da00c987cf89388
- MD5: 604b3c0c3ce5e6bd5900ceca07d587b9
- URLs:
  - http://krb.miner.rocks:4444/
  - http://krb.sberex.com:3333/
  - http://pool.karbowanec.com:3333/
  - http://pool.supportxmr.com:3333/
  - https://spac1.com/files/view/bitmessage-6-3-2-80507747/
Winsage
May 23, 2025
A new tool called Defendnot can disable Windows Defender by masquerading as a legitimate antivirus program, exploiting a feature of Windows that allows only one antivirus solution to operate at a time. When Defendnot is installed, Windows automatically disables Defender, leaving systems vulnerable to cyber threats.
Winsage
May 22, 2025
A new tool called Defendnot can disable Windows Defender by masquerading as another antivirus program, exploiting a limitation of the Windows operating system that prevents multiple antivirus solutions from running simultaneously. When Defendnot is installed, Windows automatically disables Defender, leaving systems vulnerable. Cybersecurity experts recommend using robust antivirus solutions like TotalAV for additional security.
Tech Optimizer
May 21, 2025
A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It alters the system to appear as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.
Tech Optimizer
May 20, 2025
Procolored, a printer manufacturer based in Shenzhen, has been accused of distributing malware designed to steal Bitcoin through its printer drivers. The malware, embedded in USB drivers, has reportedly stolen approximately 9.3 BTC, valued at over 3,000. A backdoor program in the compromised drivers can hijack wallet addresses copied to the clipboard. Users are advised to conduct system scans and consider a complete system reset. The issue was first highlighted by YouTuber Cameron Coward, whose antivirus software flagged the malware. Procolored denied the allegations but later acknowledged the problem, stating they removed the infected drivers and attributed the malware to a supply chain compromise. Cybersecurity firm G-Data confirmed the presence of two types of malware in the drivers.
AppWizard
May 20, 2025
Android holds a 71.65% market share as the leading mobile operating system. In 2025, users face sophisticated cyber threats such as ransomware and phishing scams. Android Enterprise provides a multi-layered defense system validated by the U.S. Department of Defense, featuring AI-driven threat detection that blocks 99.8% of malware through 100,000 daily app scans. It supports three device management models: Fully Managed Devices (COBO), Work Profiles (BYOD), and Dedicated Kiosk Mode. Recent enhancements include automated security patch deployment and hardware-backed key attestation. Leading Mobile Device Management (MDM) solutions include TinyMDM, which offers real-time location tracking and remote device wiping, and integrates with Microsoft Intune for conditional access. Harmony Mobile combines app reputation scanning with network-level phishing prevention. Emerging trends in enterprise security include AI-powered anomaly detection, with 42% of enterprises adopting Zero Trust principles, and rugged device management optimized for industrial environments. For personal protection, Bitdefender Mobile Security leads AV-Test rankings, Kaspersky Premium blocks 5.6 million malware attacks monthly, and Norton 360 Deluxe includes biometric app locking. Privacy tools like ExpressVPN and DuckDuckGo Privacy Browser enhance user security. Google's Project Zero reports a 35% decline in critical Android vulnerabilities, attributed to improved patch adoption. The convergence of enterprise and personal security solutions is emphasized, with a focus on AI/ML integration for enterprises and comprehensive protection suites for individuals.
Tech Optimizer
May 20, 2025
A reader received a fraudulent email that appeared to be from Norton, claiming they had a subscription for a service they never signed up for. The email included a reminder about an automatic renewal for a Norton Ultimate Plus plan and provided a phone number that could lead to scams. EECU, a local credit union, warned its members about this scam and advised them to verify the authenticity of such invoices with their bank to prevent identity theft.