A new trend among cybercriminals has emerged, involving the sale of anti-virus (AV) and Endpoint Detection and Response (EDR) solution killer programs aimed at evading detection and propelling malware. The VX-Underground cybersecurity researcher recently posted their latest AV and EDR killer, just hours after another similar claim had surfaced. The seller of the AV/EDR/XDR killer, who goes by the name Spyboy, boasted that it can easily evade the detection of a wide range of solutions, including WD, Sophos, Carbon black, SentinelOne, ESET, and Kaspersky, among others. The AV and EDR killer can penetrate the PC’s security architecture for systems running from Windows 7 to Windows 11, and Windows Server 2008 to Windows Server 2022.
Spyboy revealed that the all-in-one version of the AV/EDR/XDR killer would be available for the first five buyers at $1,500, and after that, it will cost $3,000. However, separate AV killers are available individually at $300. Notably, Spyboy revealed that he would not sell specific EDR killers separately, such as the ones for Carbon Black, Cylance, SentinelOne, Cortex, Sophos, or CrowdStrike.
The VX-Underground researcher also announced that they are launching their own AV/EDR killer program following the trend in Threat Actors selling the products. The team has decided to unveil their own program for evading detection. The effectiveness of Spyboy’s product, however, has been questioned by some of the experts in the field, stating that it requires administrator access, which is not available to most users.
The AV killers are malicious tools that disable virus protection programs, making it easier for malware to infiltrate systems while also evading firewall protection. EDR killers, on the other hand, disable the EDR detection and assist in deploying a backdoor for hackers to connect with commands to the targeted system. In contrast, the XDR killers can detect attacks within the network more efficiently than EDRs, which can help collect information from several threat vectors.
It’s important to note that AV/EDR/XDR security tools enhance security while simultaneously detecting keyloggers, malware, and suspicious communications reaching the server. However, the new trend of AV/EDR/XDR killers can pose a critical threat to enterprise security, which relies heavily on detection tools. Thus, it is vital for businesses to remain vigilant and take proactive measures in securing their systems against these new threats.
In conclusion, with the emergence of a new trend among cybercriminals, it is becoming crucial to prioritize cybersecurity measures. The sale of AV/EDR/XDR killer programs poses a new threat to the enterprise security system, emphasizing the need to remain cautious and vigilant of any suspicious activity. For individuals using personal computers, regular updates of Anti-virus programs and devices used could go a long way in preventing malicious attacks. Finally, collaboration between governments, businesses, and cybersecurity experts may be the silver bullet in combating such issues.