A threat actor dubbed AlphaGhoul has now begun to push NtKiller-a perilous tool-on the dark web forums, claiming it silently kills antivirus software and bypasses endpoint detection and response systems. As a malware loader, this tool targets popular security products such as Microsoft Defender, ESET, Kaspersky, Bitdefender, and Trend Micro. This puts organizations relying on traditional security in great danger. Its announcement consolidates the escalating commercialization of evasion tools in the underground.
NtKiller has a modular pricing system; the base price is $500, while the inclusion of rootkit capabilities or UAC bypass would be an additional $300 each, demonstrating the refinement of cybercriminal sales. KrakenLabs researchers witnessed early-boot persistence, embedding the tool within a system at an early stage of boot time, which is long before most security monitors have become active. This mechanism complicates the work of security teams for detection and removal.
Beyond basic process killing, NtKiller boasts HVCI disabling, VBS manipulation, and memory integrity bypasses among other advanced evasion tactics. Anti-debugging and anti-analysis protections thwart forensic examination and create a gap between hype and proven performance.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: