
📌 Quick Facts

🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-03-03 17:39:10
🚨 Title: Alleged Sale of AV/EDR Killer
🛡️ Victim Country: Not Specified
🏭 Victim Industry: Not Specified
🏢 Victim Organization: Not Specified
🌐 Victim Site: Not Specified
📜 Category: Malware
🔗 Claim: https://forum.exploit.in/topic/255147/
🕵️‍♂️ Threat Actor: Taint
🌍 Network: OpenWeb


📝 What Happened?
A threat actor identified as Taint has advertised the sale of an AV/EDR Killer, a malicious tool designed to disable antivirus (AV), endpoint detection and response (EDR), and extended detection and response (XDR) solutions.

According to the listing, the tool abuses a signed but vulnerable third-party driver (the bring-your-own-vulnerable-driver, or BYOVD, technique) to gain kernel-level access and disable the security agents, and the seller claims the effect persists across reboots. The seller states it has been tested against:

  • SentinelOne
  • Sophos Intercept X (XDR)
  • Sangfor EDR
  • ESET Endpoint Security
  • Panda Adaptive Defense 360

The tool is reportedly compatible with major Windows versions, including Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows 10, and Windows 11.

The seller offers three weeks of support, including one replacement of the driver should the shipped one become detected by security software. The listed price is $2,000 per build.


📊 Advertised Capabilities (seller's claims, unverified)

  • Malware designed to disable security software, leaving systems unprotected
  • Persistence: the seller claims protections stay disabled across reboots
  • Claimed effectiveness against several major enterprise EDR/XDR products
  • Potential use as a precursor step in ransomware and targeted intrusions

🛡 WhiteIntel.io Data Leak Information
(No victim site disclosed)


Implications

  • Enterprise Security Bypass – Attackers could run the tool to blind or terminate EDR/XDR agents before launching their main payload, a pattern already common in ransomware intrusions.
  • Ransomware & Data Theft – With the agents disabled, ransomware deployment and data exfiltration proceed without endpoint telemetry or blocking.
  • Regulatory & Compliance Risks – Organizations whose intrusions go undetected because endpoint protection was silently disabled may face breach-notification and compliance obligations.

🔧 Recommended Actions

  • Monitor for Unusual Driver Activity – Log and alert on kernel driver loads (Sysmon Event ID 6) and on new kernel-mode driver services (System Event ID 7045) that are not in your approved driver set, and compare driver hashes against a known-vulnerable-driver list such as loldrivers.io. Since the seller offers a replacement driver once the first one is detected, treat hash-based blocking as lagging and also alert on the behaviour it enables, such as AV/EDR processes or services terminating unexpectedly.
  • Enable Kernel-Level Security Protections – Turn on Hypervisor-protected Code Integrity (Memory Integrity) and Microsoft's vulnerable driver blocklist so that known-abused drivers cannot be loaded at all, and enable the tamper-protection features of the endpoint agents themselves.
  • Ensure Endpoint Security is Updated – Security teams should apply the latest patches and threat intelligence updates, including updated driver block rules.
  • Harden System Defenses – Remove local administrator rights from everyday users (installing a driver requires them), and enforce an application control policy (for example WDAC with Microsoft's recommended driver block rules) so that only approved drivers can be installed.
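The following PowerShell triage script is an added example and is not code from the DarkWebInformer post or from the advertised tool. It checks whether a host is running the kernel-level protections listed above and then pulls the driver-install and driver-load events a defender would review when hunting for a BYOVD-style AV/EDR killer. It assumes an elevated prompt, that Sysmon (if installed) logs to its default channel with driver-load events enabled, and a seven-day lookback window chosen here for illustration.

```powershell
# Added example, not code from the DarkWebInformer post or from the advertised tool.
# (1) Are the kernel-level protections that stop known-vulnerable drivers from loading on?
# (2) Which kernel drivers were installed or loaded recently, and by whom?
# Assumptions: run elevated; Sysmon, if present, uses its default log channel with
# Event ID 6 enabled; $LookbackDays is an arbitrary window.
param([int]$LookbackDays = 7)

$since = (Get-Date).AddDays(-$LookbackDays)

# Parse an EventLogRecord's <EventData> into a hashtable keyed by field name,
# so the script never depends on the positional order of $_.Properties.
function ConvertFrom-EventData {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

# 1. Kernel-level protections. Win32_DeviceGuard reports HVCI (Memory Integrity) as the
#    value 2 in SecurityServicesRunning; Microsoft's vulnerable driver blocklist is
#    toggled by HKLM\SYSTEM\CurrentControlSet\Control\CI\Config\VulnerableDriverBlocklistEnable.
function Get-KernelProtectionStatus {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                           -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HVCIEnforced              = [bool]($dg.SecurityServicesRunning -contains 2)
        VulnerableDriverBlocklist = ($ci.VulnerableDriverBlocklistEnable -eq 1)
    }
}

# 2a. Kernel driver services registered since $since. A killer that persists across
#     reboots typically installs its driver as a service; the Service Control Manager
#     logs that as System Event ID 7045 with ServiceType "kernel mode driver".
function Get-RecentDriverInstalls {
    Get-WinEvent -FilterHashtable @{ LogName='System'; ProviderName='Service Control Manager'; Id=7045; StartTime=$since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertFrom-EventData $_
            if ($d.ServiceType -eq 'kernel mode driver') {
                [pscustomobject]@{ Time=$_.TimeCreated; Service=$d.ServiceName; ImagePath=$d.ImagePath;
                                   StartType=$d.StartType; InstalledBy=$d.AccountName }
            }
        }
}

# 2b. Sysmon Event ID 6 (driver loaded). Inbox drivers carry the signer "Microsoft Windows";
#     everything else is kept, including WHQL-signed third-party drivers (signer
#     "Microsoft Windows Hardware Compatibility Publisher"), because abused drivers are
#     usually validly signed.
function Get-RecentDriverLoads {
    $log = 'Microsoft-Windows-Sysmon/Operational'
    if (-not (Get-WinEvent -ListLog $log -ErrorAction SilentlyContinue)) { return }
    Get-WinEvent -FilterHashtable @{ LogName=$log; Id=6; StartTime=$since } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-EventData $_ } |
        Where-Object { $_.Signature -ne 'Microsoft Windows' } |
        ForEach-Object { [pscustomobject]@{ Time=$_.UtcTime; Driver=$_.ImageLoaded; Signer=$_.Signature;
                                            SigStatus=$_.SignatureStatus; Hashes=$_.Hashes } }
}

# 3. Running drivers that are not inbox Microsoft drivers, with SHA256 so the hash can be
#    compared against a known-vulnerable-driver list such as loldrivers.io.
function Get-NonInboxRunningDrivers {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # SCM stores paths as \??\C:\... or \SystemRoot\...; normalise to a file path.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.SignerCertificate.Subject -notmatch '^CN=Microsoft Windows,') {
                [pscustomobject]@{ Name=$_.Name; Path=$path; SigStatus=$sig.Status;
                                   Signer=$sig.SignerCertificate.Subject;
                                   SHA256=(Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
            }
        }
}

"== Kernel protections ==";               Get-KernelProtectionStatus  | Format-List
"== Driver services installed (7045) =="; Get-RecentDriverInstalls    | Format-Table -AutoSize
"== Driver loads (Sysmon 6) ==";          Get-RecentDriverLoads       | Format-Table -AutoSize
"== Running non-inbox drivers ==";        Get-NonInboxRunningDrivers  | Format-Table -AutoSize
```

The signer filter deliberately keeps WHQL-signed drivers in the output: a valid Microsoft hardware-compatibility signature is exactly what a BYOVD driver relies on to load, so signature validity alone is never a clean verdict. Treat a hash match against a known-vulnerable-driver list as the actionable signal, and remember that the seller's driver-replacement offer means a fresh build may not yet be on any list, which is why the 7045 and Sysmon 6 events should be reviewed for any new kernel driver, not only known-bad ones.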

Stay vigilant. Follow DarkWebInformer.com for real-time updates on cyber threats.
