Malicious Actor Claims New Tool Can Bypass Any Antivirus, EDR


A malicious actor is selling a tool called Terminator that they claim can bypass antivirus and EDR software. The tool is reportedly able to bypass 24 different security solutions, including Windows Defender, on devices running Windows 7 and later.

The author of Terminator, who goes by the pseudonym “Spyboy,” sells the tool for prices ranging from $300 for a single bypass to $3,000 for an all-in-one bypass.

To use Terminator, the buyer needs administrative privileges on the target Windows system. This is typically obtained by tricking the user into accepting the Windows User Account Control (UAC) prompt that is displayed when the tool is launched.

A CrowdStrike engineer found that Terminator is actually a simple tool that drops a legitimately signed Zemana antivirus driver onto the target system. The driver is then loaded, and the kernel-level access it provides is used to terminate the processes of antivirus, EDR and XDR products running on the device.

Currently, only one VirusTotal scan engine detects this driver as malicious.

Twitter user S0ufi4n3 shared links to videos that supposedly show Terminator in action.

Here are some additional tips for protecting your system from Terminator and other malware threats:

  • Keep your operating system and software up to date with the latest security patches.
  • Use a reputable antivirus program and keep it up to date with the latest virus definitions.
  • Be careful about what websites you visit and what files you download.
  • Do not open email attachments from unknown senders.
  • Use a firewall to protect your computer from unauthorized access.
  • Be aware of the latest malware threats and how to protect yourself.




Russia Accuses US of Widespread Apple iPhone Hacking

Russia’s Federal Security Service (FSB) claims to have discovered an elaborate American espionage operation that compromised thousands of iPhones using sophisticated surveillance software. Moscow-based Kaspersky Lab confirmed that several of its employees’ devices were compromised during the operation.


Mandiant Unearths New Malware That Can Sabotage Power Grids

A new strain of malware, dubbed COSMICENERGY, has been discovered that is designed to penetrate and disrupt critical systems in industrial environments. The malware is capable of exploiting an industrial communication protocol called IEC-104 to issue commands to RTUs, which could potentially cause power disruption. There is no evidence that the malware has been used in attacks, but its discovery is a reminder of the threat posed by malicious software to critical infrastructure.