malware tools Archives

Winsage

November 5, 2025

Curly COMrades abuse Hyper-V for covert malware operations in VMs

Bitdefender researchers have identified advanced techniques used by the Curly COMrades threat actor, believed to have Russian backing, to exploit Microsoft’s Hyper-V virtualization platform. This group activates Hyper-V on compromised systems to deploy a lightweight virtual machine (VM) running Alpine Linux, which hosts malware tools CurlyShell and CurlCat. The operation began in early July with commands that activated Hyper-V and prepared the environment for the VM, using deceptive file names to avoid detection. The Alpine Linux VM is customized for each victim, allowing the attackers to maintain a low profile while facilitating reverse shell and proxy activities. The VM routes traffic through the host's network, masking communications as originating from the legitimate host IP. CurlyShell acts as a persistent reverse shell, while CurlCat manages SSH traffic tunneling, utilizing a private key for authentication. The attackers also employ various proxy and tunneling tools and utilize PowerShell scripts for tasks such as injecting Kerberos tickets into LSASS for lateral movement and creating local accounts to ensure ongoing access. Their command and control infrastructure involves compromised servers that relay traffic between infected hosts and the attackers' servers, with measures taken to limit forensic evidence. To detect and mitigate these threats, Bitdefender emphasizes the need for host-based network inspection and hardening, as well as monitoring for abnormal access to the LSASS process and suspicious Kerberos ticket activities. The findings indicate a shift in threat actor tactics towards using virtualization for stealth and persistence, highlighting the need for layered security measures.

Winsage

November 4, 2025

Russian hackers abuse Hyper-V to hide malware in Linux VMs

The Russian hacker group Curly COMrades has been using Microsoft Hyper-V to bypass endpoint detection and response (EDR) solutions by creating a concealed Alpine Linux-based virtual machine for running malware. They have deployed proprietary tools, CurlyShell and CurlCat, within this virtual environment to maintain operational stealth and secure communication. Active since mid-2024, the group targets government and judicial entities in Georgia and energy companies in Moldova. In early July, they gained remote access to two machines, activated Hyper-V, and disabled its management interface to deploy a minimalistic virtual machine that hosted their malware. This tactic allowed them to evade traditional host-based EDR detections. The virtual machine was configured to use the Default Switch network adapter, making malicious traffic appear to originate from the legitimate host's IP address. CurlyShell executes commands and maintains persistence, while CurlCat facilitates covert traffic tunneling. The group also utilized PowerShell scripts for persistence and pivoting to remote systems, including injecting Kerberos tickets into LSASS and creating local accounts via Group Policy. Bitdefender advises organizations to monitor for abnormal Hyper-V activation, LSASS access, and suspicious PowerShell scripts.

Tech Optimizer

October 24, 2025

Why Aren’t Antivirus Programs Enough To Protect Crypto?

Cryptocurrency has introduced a decentralized approach to financial transactions, but it faces significant security challenges, including vulnerability to cyberattacks, theft, and fraud. Traditional antivirus software has limitations, such as reliance on signature-based detection, which struggles against emerging and polymorphic malware. Behavioral detection methods also have shortcomings, as stealth malware can disguise itself and conditional activation can evade detection. Fileless malware techniques and human error, such as phishing and weak password hygiene, further complicate security. To enhance security, cryptocurrency users should adopt a multi-layered strategy that includes using hardware wallets for offline storage of private keys, implementing multi-factor authentication (MFA), and utilizing dedicated anti-malware tools. Safe browsing habits and regular software patches are also essential, along with securely backing up private keys.

Tech Optimizer

October 19, 2025

October is Cybersecurity Awareness Month: Why it matters more than ever

Cox offers Cox Advanced Security, which provides real-time threat protection, blocking malicious websites and suspicious activities at no additional cost with Panoramic WiFi. Strategies to enhance online safety include using strong, unique passwords, enabling multi-factor authentication, keeping software updated, being cautious of phishing scams, securing Wi-Fi networks, backing up data, limiting personal information shared online, using antivirus and anti-malware tools, logging out from shared devices, and staying informed about cybersecurity.

Tech Optimizer

August 15, 2025

Another devious antivirus killer tool has been found – so make sure you’re protected

The Crypto24 ransomware group, identified in September 2024, employs advanced tactics to disable antivirus protections before launching attacks. They use a custom variant of the open-source tool RealBlindingEDR.malware to neutralize AV defenses, sometimes uninstalling antivirus programs entirely. After gaining access to a target system, they deploy a keylogger and an encryptor, exfiltrating data to Google Drive with a specialized tool. The group has targeted large organizations in the U.S., Europe, and Asia, focusing on sectors like finance, manufacturing, technology, and entertainment. Cybersecurity experts recommend a layered defense strategy, including reputable antivirus solutions with tamper protection, real-time monitoring, firewalls, and additional anti-malware tools to mitigate risks.

Tech Optimizer

July 20, 2025

Antivirus vs Anti-malware: which is best for you?

The landscape of cyber threats has evolved, with increased sophistication and frequency of attacks, partly due to advancements in artificial intelligence. Businesses, regardless of size, should reassess their vulnerabilities as even small entities can be targeted. Investing in robust cybersecurity software is essential, with a distinction between antivirus and anti-malware tools being crucial. Malware includes various types of malicious software, and while antivirus software primarily uses signature-based detection, anti-malware tools employ advanced techniques like behavioral analysis and sandboxing. Anti-malware programs can identify hidden threats that antivirus may miss, such as rootkits. Antivirus solutions have adapted to include heuristic analysis and additional features like password management and firewalls. Antivirus is designed for average users, while anti-malware is favored by high-risk users, though everyone can benefit from both. Combining antivirus and anti-malware creates a layered security system, and many vendors now offer integrated products. Popular antivirus solutions with anti-malware capabilities include Bitdefender, Norton 360, McAfee, and Avast. Users are encouraged to run both types of software or choose a combined solution for comprehensive coverage. Despite high detection rates, users should remain vigilant and informed to reduce the risk of cyberattacks.

Tech Optimizer

June 2, 2025

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses

Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Full Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.