Kaspersky products

Tech Optimizer
August 7, 2025
Attackers have been using the ThrottleStop.sys driver to disable antivirus software in compromised networks since October 2024. This driver, designed for CPU throttling, allows malware to gain kernel-level memory access and terminate security processes. Initial access is typically gained through stolen RDP credentials or brute-forced administrative accounts, enabling the deployment of the AV killer alongside ransomware like MedusaLocker. Once inside, attackers extract additional user credentials using tools like Mimikatz and move laterally with Pass-the-Hash techniques. They upload two key components, ThrottleBlood.sys (the renamed driver) and All.exe (the AV killer), to user directories. The malware effectively disables Windows Defender and other endpoint protections, leading to severe data encryption in industries with exposed RDP endpoints, particularly affecting victims in Brazil, Ukraine, Kazakhstan, Belarus, and Russia. Securelist analysts noted that traditional self-defense features in Kaspersky products can counter this AV killer, but many organizations still rely on less effective solutions. The malware exploits two vulnerable IOCTL functions in the ThrottleStop.sys driver, allowing arbitrary memory reads and writes. It uses a loop to match and terminate antivirus processes by invoking kernel functions. The malware avoids detection by restoring original kernel bytes after execution. This situation highlights the need for improved driver integrity monitoring and robust security strategies.
AppWizard
October 7, 2024
Kaspersky's official Android app was removed from the Google Play Store, and its developer accounts were disabled, following sanctions imposed by the US government. Kaspersky is investigating the unavailability of its software and has provided alternative download options through other app stores and its official website. The US government has raised concerns about Kaspersky's software potentially being exploited by the Russian government, leading to a ban on the sale of its products effective July 20, 2024. Kaspersky was placed on the US Entity List, and updates to its software were halted as of September 29. The company is offering free security products and safety tips for six months to mitigate customer impact. In September 2024, US customers reported that their antivirus software was replaced with a new solution named UltraAV.
Tech Optimizer
September 25, 2024
Kaspersky customers in the United States are experiencing an automatic transition to UltraAV antivirus software, developed by Pango Group, following a ban on Kaspersky products by the Biden administration due to security risks. Many users were surprised and frustrated by the abrupt switch, discovering unfamiliar software installed on their devices without prior notice. Complaints have surfaced on social media and Kaspersky's support forum regarding the lack of information about UltraAV and concerns over the transition process. The Department of Commerce's Bureau of Industry and Security identified Kaspersky's products as potential security risks, leading to the ban. Kaspersky announced that updates to its software would cease by September 29, and although Pango stated that notifications were sent to customers, many reported not receiving them. Customers had the option to opt out of the transition by contacting customer service, but many feel the process could have been handled more effectively.
Tech Optimizer
September 24, 2024
Kaspersky removed its antivirus software from American computers and replaced it with UltraAV's solution without prior warning, leading to confusion among users. Although Kaspersky sent an email two weeks prior about the transition, the communication was unclear, leaving many unaware of the immediate switch. This change occurred ten days before a U.S. ban on Kaspersky products by the Biden Administration. Some users reported difficulties uninstalling the new UltraAV software, prompting many to consider alternative antivirus products.
Tech Optimizer
August 9, 2024
Kaspersky Labs has announced its exit from the U.S. market due to a ban on its software by the Biden administration, which cited security risks related to the company's ties to Moscow. The company plans to gradually cease U.S. operations starting July 20, 2024, and has already stopped sales on its U.S. website. The Commerce Department's ruling prohibits Kaspersky from selling its software or providing updates in the U.S., leveraging powers established during the Trump administration to restrict transactions with foreign adversaries. The restrictions will take effect on September 29, and Kaspersky intends to explore legal options to contest the ban.
Tech Optimizer
June 22, 2024
Kaspersky Lab, a Russia-based antivirus and cybersecurity company, has been hit with two rounds of sanctions by the U.S. government. The first round of sanctions bans Kaspersky Antivirus products from being sold in the U.S. due to concerns about potential connections between Kaspersky and the Russian government. Despite being known for its industry-leading malware research, Kaspersky will face challenges in providing security solutions to U.S. citizens due to the sanctions.