Terminator Antivirus Killer: Vulnerable Windows Driver Masquerading as Threat

 

Spyboy, a threat actor, has been actively advertising the “Terminator” tool on a hacking forum predominantly used by Russian speakers. The tool supposedly possesses the ability to disable various antivirus, XDR, and EDR platforms. However, CrowdStrike has dismissed these claims, stating that the tool is merely an advanced version of the Bring Your Own Vulnerable Driver (BYOVD) attack technique. 
According to reports, Terminator allegedly has the capacity to evade the security measures of 24 distinct antiviruses (AV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) solutions. These include well-known programs such as Windows Defender, targeting devices operating on Windows 7 and later versions.
Spyboy, a seller specializing in software, offers a range of products designed to bypass security measures. Their software is available at various price points, starting at $300 for a single bypass and going up to $3,000 for a comprehensive all-in-one bypass solution.
“The following EDRs cannot be sold alone: SentinelOne, Sophos, CrowdStrike, Carbon Black, Cortex, Cylance,” the threat actor says, with a disclaimer that “Ransomware and lockers are not allowed and I’m not responsible for such actions.”
To utilize Terminator, the “clients” need to have administrative privileges on

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: