{"id":3101,"date":"2023-06-02T15:28:22","date_gmt":"2023-06-02T22:28:22","guid":{"rendered":"https:\/\/krsp.co\/agency\/?p=3101"},"modified":"2023-06-08T11:35:03","modified_gmt":"2023-06-08T18:35:03","slug":"hacker-claims-new-tool-can-bypass-any-antivirus-edr","status":"publish","type":"post","link":"https:\/\/krsp.co\/agency\/2023\/06\/hacker-claims-new-tool-can-bypass-any-antivirus-edr\/","title":{"rendered":"Malicious Actor Claims New Tool Can Bypass Any Antivirus, EDR"},"content":{"rendered":"\n

A malicious actor is selling a tool called Terminator that they claim can bypass antivirus and EDR software. The tool is reportedly able to bypass 24 different security solutions, including Windows Defender, on devices running Windows 7 and later.<\/p>\n\n\n\n

The author of Terminator, who goes by the pseudonym “Spyboy,” sells the tool for prices ranging from $300 for a single bypass to $3,000 for an all-in-one bypass.<\/p>\n\n\n\n

In order to use Terminator, clients require administrative privileges<\/a> on the target Windows systems. This can be done by tricking the user into accepting the Windows User Account Control (UAC) pop-up that will be displayed when the tool is launched.<\/p>\n\n\n\n

A CrowdStrike engineer<\/a> found that Terminator is actually a simple tool that dumps a legitimate signed Zemana antivirus driver into the target system. The driver is then loaded to obtain elevated privileges in order to terminate the processes of antivirus, EDR and XDR programs running on the device.<\/p>\n\n\n\n

Currently, only one VirusTotal<\/a> scan engine detects this driver as malicious. <\/p>\n\n\n\n

Twitter user S0ufi4n3<\/a> shared links to the videos supposedly showing Terminator in action
https:\/\/streamable.com\/h9n16x<\/a>
https:\/\/streamable.com\/ys07we<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

Here are some additional tips for protecting your system from Terminator and other malware threats:<\/p>\n\n\n\n