A malicious actor is selling a tool called Terminator that they claim can bypass antivirus and EDR software. The tool is reportedly able to bypass 24 different security solutions, including Windows Defender, on devices running Windows 7 and later.
The author of Terminator, who goes by the pseudonym “Spyboy,” sells the tool for prices ranging from $300 for a single bypass to $3,000 for an all-in-one bypass.
In order to use Terminator, clients require administrative privileges on the target Windows systems. This can be done by tricking the user into accepting the Windows User Account Control (UAC) pop-up that will be displayed when the tool is launched.
A CrowdStrike engineer found that Terminator is actually a simple tool that dumps a legitimate signed Zemana antivirus driver into the target system. The driver is then loaded to obtain elevated privileges in order to terminate the processes of antivirus, EDR and XDR programs running on the device.
Currently, only one VirusTotal scan engine detects this driver as malicious.
Twitter user S0ufi4n3 shared links to the videos supposedly showing Terminator in action
Here are some additional tips for protecting your system from Terminator and other malware threats:
- Keep your operating system and software up to date with the latest security patches.
- Use a reputable antivirus program and keep it up to date with the latest virus definitions.
- Be careful about what websites you visit and what files you download.
- Do not open email attachments from unknown senders.
- Use a firewall to protect your computer from unauthorized access.
- Be aware of the latest malware threats and how to protect yourself.