Cybercriminals are improving their ability to disable antivirus and endpoint detection and response (EDR) systems, and a new malware tool called EDRKillShifter is being circulated in underground forums. The tool can neutralize EDR systems from vendors such as Sophos, Bitdefender, and Kaspersky, and it relies on obfuscation techniques and on signed drivers that may be stolen or compromised. EDRKillShifter was found embedded in the legitimate Clipboard Compare tool from Beyond Compare, indicating sophisticated tactics to evade detection. The malware emerged in mid-2024 after an unsuccessful attempt to disable antivirus software and deploy ransomware, revealing evolving strategies among attackers. To mitigate the risk, Sophos recommends enabling tamper protection, maintaining robust security hygiene, and keeping systems updated, particularly with regard to outdated signed drivers.