Spyboy Defense Evasion Tool Advertised Online



    https://www.reddit.com/r/crowdstrike/comments/13wjrgn/20230531_situational_awareness_spyboy_defense/

    What happened?

On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty-three (23) EDR and AV controls. These include products from Microsoft, Sophos, CrowdStrike, AVG, Avast, ESET, Kaspersky, McAfee, BitDefender, Malwarebytes, and more. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).

    Technical Details

At time of writing, the Terminator software requires administrative privileges and User Account Control (UAC) acceptance to properly function. Once executed with the proper level of privilege, the binary will write a legitimate, signed driver file — Zemana Anti-Malware — to the C:\Windows\System32\drivers\ folder. The driver file is given a random name between 4 and 10 characters. An example of this driver file can be found on VirusTotal here.
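A defender-side check that follows from the drop behaviour described above, added here as an example and not part of the original post or the linked Reddit thread: it lists recently created .sys files in the drivers folder whose base name is 4 to 10 characters long and reports their Authenticode signer, flagging any whose signer subject mentions Zemana. The 7-day window, the `-Days` and `-DriverDir` parameters, and the "Zemana" substring match are assumptions made for this illustration; a legitimately installed Zemana product would also match and has to be ruled out by hand.

```powershell
# Added example (not from the original post or the Reddit thread it links).
# Hunts the drivers folder for recently written .sys files with a short
# (4-10 character) base name and reports who signed them. The day window and
# the 'Zemana' signer substring are assumptions for this illustration.
param(
    [string]$DriverDir = "$env:SystemRoot\System32\drivers",
    [int]$Days = 7
)

$cutoff = (Get-Date).AddDays(-$Days)

# Candidate files: .sys, created inside the window, base name length 4..10
$candidates = Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTime -ge $cutoff -and
        $_.BaseName.Length -ge 4 -and
        $_.BaseName.Length -le 10
    }

foreach ($file in $candidates) {
    # Authenticode check: a validly signed third-party AV driver in an
    # unexpected place is the thing worth a second look here.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [PSCustomObject]@{
        Path         = $file.FullName
        Created      = $file.CreationTime
        SigStatus    = $sig.Status
        Signer       = $signer
        ZemanaSigned = ($signer -match 'Zemana')
    }
}
```

Run it from an elevated prompt (the drivers folder is not fully readable otherwise) and pipe the output to `Format-Table -AutoSize` or `Export-Csv`. A row with `ZemanaSigned` set to `True` on a host that has no Zemana product installed is the condition to investigate; compare the file's hash against the VirusTotal sample referenced above. Because the script only looks at files on disk, pairing it with driver-load telemetry (for example Sysmon Event ID 6) catches the case where the driver was written and then removed.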
