Kaspersky Archives

Tech Optimizer

August 12, 2025

Your antivirus is under attack from new “killer” tool – here’s what we know

Cybercriminals are enhancing their capabilities to disable antivirus and endpoint detection and response (EDR) systems, with a new malware tool called EDRKillShifter being circulated in underground forums. This tool can neutralize EDR systems from vendors like Sophos, Bitdefender, and Kaspersky, using obfuscation techniques and signed drivers that may be stolen or compromised. EDRKillShifter was found embedded in the legitimate Clipboard Compare tool from Beyond Compare, indicating sophisticated tactics to evade detection. The malware emerged in mid-2024 after an unsuccessful attempt to disable antivirus software and deploy ransomware, revealing evolving strategies among attackers. To mitigate risks, Sophos recommends enabling tamper protection, maintaining robust security hygiene, and keeping systems updated, particularly regarding outdated signed drivers.

Tech Optimizer

August 8, 2025

Cyberattackers Leverage Trusted Drivers to Disable Antivirus Software and Bypass Security Protocols

A cyberattack on a Brazilian enterprise involved the use of legitimate, digitally signed drivers to disable antivirus solutions and deploy MedusaLocker ransomware. The attackers executed a Bring Your Own Vulnerable Driver (BYOVD) attack by exploiting the ThrottleStop.sys driver, which has a critical vulnerability (CVE-2025-7771) allowing unauthorized memory access. They compromised an SMTP server using valid RDP credentials, extracted user credentials with Mimikatz, and moved laterally across the network. The attackers uploaded and executed an AV killer program and a renamed version of the driver, terminating antivirus processes to facilitate ransomware deployment. The malware targeted major antivirus vendors and employed kernel-level commands to eliminate security processes. Recommendations for defense include multi-factor authentication, hardening RDP access, and implementing layered security measures.

Tech Optimizer

August 7, 2025

Hackers Use Legitimate Drivers to Kill Antivirus Processes and Lower The System’s Defenses

Attackers have been using the ThrottleStop.sys driver to disable antivirus software in compromised networks since October 2024. This driver, designed for CPU throttling, allows malware to gain kernel-level memory access and terminate security processes. Initial access is typically gained through stolen RDP credentials or brute-forced administrative accounts, enabling the deployment of the AV killer alongside ransomware like MedusaLocker. Once inside, attackers extract additional user credentials using tools like Mimikatz and move laterally with Pass-the-Hash techniques. They upload two key components, ThrottleBlood.sys (the renamed driver) and All.exe (the AV killer), to user directories. The malware effectively disables Windows Defender and other endpoint protections, leading to severe data encryption in industries with exposed RDP endpoints, particularly affecting victims in Brazil, Ukraine, Kazakhstan, Belarus, and Russia. Securelist analysts noted that traditional self-defense features in Kaspersky products can counter this AV killer, but many organizations still rely on less effective solutions. The malware exploits two vulnerable IOCTL functions in the ThrottleStop.sys driver, allowing arbitrary memory reads and writes. It uses a loop to match and terminate antivirus processes by invoking kernel functions. The malware avoids detection by restoring original kernel bytes after execution. This situation highlights the need for improved driver integrity monitoring and robust security strategies.

Tech Optimizer

August 1, 2025

Microsoft says Russian hackers are planting fake antivirus software in embassy attacks

Recent findings from Microsoft Threat Intelligence indicate that Russian state hackers are targeting foreign embassies in Moscow using a sophisticated malware called ApolloShadow, which disguises itself as Kaspersky antivirus software. This malware installs a TLS root certificate, allowing hackers to impersonate trusted websites accessed by compromised systems within the embassies. The attacks are categorized as adversary-in-the-middle (AiTM) attacks, enabling hackers to intercept and manipulate communications. The group behind these attacks, known as Secret Blizzard, has a history of targeting Ukrainian military technology and has now expanded its operations to conduct cyber espionage within Russia. Diplomats using local ISPs or telecommunications services in Russia are considered likely targets for these activities, which may utilize Russia's domestic intercept systems like the System for Operative Investigative Activities (SORM).

Tech Optimizer

August 1, 2025

Best Alternative to Kaspersky Antivirus of 2025

Bitdefender is a recommended alternative to Kaspersky for antivirus software, offering features such as ransomware protection, exploit protection, SafePay, a VPN (with limited traffic on the entry-level plan), and a password manager. It has a customizable user interface, performs slightly better in malware protection, executes faster scans with lower resource usage, and includes a global website reputation database. Bitdefender provides superior firewall protection and higher-tier plans that feature dark web monitoring, data breach detection, and identity theft insurance. It offers four pricing plans ranging from .99 to .99, covering one account and up to five devices. Customer support includes live chat, email, phone assistance, a community forum, and an extensive knowledge base, which are more comprehensive than Kaspersky's options. Overall, Bitdefender is positioned as a strong choice for users transitioning from Kaspersky, particularly in terms of privacy and security features.

Tech Optimizer

July 25, 2025

Best antivirus software for Windows in 2025

Microsoft Defender is the most suitable free antivirus solution for most users, integrated into Windows 10 and 11 by default. It requires no additional effort from users, making it a convenient choice for everyday protection. For paid antivirus options, Bitdefender Total Security is priced from .99 or £49.99 annually for up to five devices, offering extensive features including malware detection, a VPN, and parental controls. Avast One starts at .88 or £32.49 per year for three devices and has a high malware detection rate, along with a built-in firewall and VPN functionality. F-Secure Total begins at .99 or £59.99 per year for one device, providing network protection at the router level and alerting users about compromised services.

Tech Optimizer

July 7, 2025

Best Prime Day antivirus deals: 7 heavily discounted security suites to keep you safe online

A reliable antivirus program is essential for computer security. During Amazon Prime Day, Norton 360 Deluxe is available for a year at a low price, and McAfee Total Protection is offered for a full year at a discounted rate. Other antivirus deals include Bitdefender Antivirus Plus, Kaspersky Security Cloud, Trend Micro Antivirus+ Security, Avast Premium Security, and Webroot SecureAnywhere, all featuring competitive pricing and special offers. More antivirus deals are expected to emerge throughout the week.

Tech Optimizer

June 13, 2025

‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.

AppWizard

June 11, 2025

Experts warn GTA and Minecraft being used to lure in cyberattack victims – here’s how to stay safe

Cybersecurity experts have reported a significant increase in game-themed malware targeting the gaming community, especially younger players. From April 1, 2024, to March 31, 2025, there were over 19 million attempts to download malicious files disguised as popular games, affecting around 400,000 individuals globally. Grand Theft Auto V (GTA V) was the most targeted game, with nearly 4.5 million attack attempts, followed by Minecraft with 4.1 million, Call of Duty (CoD) with 2.6 million, and The Sims with 2.4 million. Cybercriminals exploit established games and lure victims with fake offers, often leading to infostealers, cryptocurrency hijackers, backdoors, and Trojans. Kaspersky advises gamers to avoid pirated content and be cautious of suspicious offers.

Tech Optimizer

June 5, 2025

Exponential Growth Expected for Computer Security For Business Market With Complete SWOT Analysis by Forecast From 2025 to 2032 | NortonLifeLock, Fortinet, McAfee, Avast, Trend Micro

The Computer Security For Business market is projected to experience significant growth and opportunities leading into 2025. The report provides insights on future trends, growth drivers, consumption patterns, production volumes, and key market statistics, including the compound annual growth rate (CAGR). Notable competitors in the market include NortonLifeLock, Fortinet, McAfee, Avast, Trend Micro, Bitdefender, ESET, Kaspersky Lab, Comodo, F-Secure, and AHNLAB. The market is segmented into various categories such as Network Security, Identity Theft Protection, Endpoint Security, and Antivirus Software, with applications categorized by age demographics (18-30 years old, 30-45 years old, and others). The report highlights factors driving market growth, emerging trends, and shifts in consumer behavior. Stakeholders can benefit from quantitative analyses, Porter’s Five Forces analysis, and strategic recommendations for refining business strategies and conducting competitor analyses. A discount of up to 70% is currently available for the report.