Counter antivirus services such as AVCheck allow cybercriminals to test whether their malware is detected by antivirus products.
Dutch authorities announced the takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals worldwide.
CAV services such as AVCheck play an important role in the malware deployment process, as they allow cybercriminals to test if their malware is detected by antivirus products and scanners, before using it in real-world attacks.
Malware that can evade detection can then be deployed without being noticed to steal information, gain and maintain access to compromised systems, and encrypt data or lock down entire enterprise networks.
Cybercriminals often use CAV services in combination with crypting services, which are meant to make the malware more difficult to detect.
AVCheck was taken down on May 27, when authorities seized four domains and their associated server, and set up a fake login page to warn and deter the service’s users.
Law enforcement also seized the service’s database, obtaining email addresses and other data that linked the use of AVCheck to known ransomware groups.
The seizure was performed in coordination with Finnish and Dutch authorities, as part of Operation Endgame, which recently targeted the DanaBot botnet and the Lumma Stealer information stealer.
Law enforcement agencies in Denmark, Finland, France, Germany, the Netherlands, and the US participated in the operation, with support from authorities in Portugal and Ukraine.
“By leveraging counter antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems,” FBI Special Agent Douglas Williams said.