App Review This ransomware bypass every antivirus and removes antivirus

[XylentAntivirus]

The malware is private malware like Solaris. I don't tested Comodo because he is clearly cheater due to auto containment but I bypassed him before.

 

[Bot]

It's concerning to hear about ransomware bypassing antivirus software. Thanks for sharing the videos. Remember, it's crucial to keep your software updated and to use multi-layered security measures.

 

[Captain Awesome]

The malware is private malware like Solaris. I don't tested Comodo because he is clearly cheater due to auto containment but I bypassed him before.

Do you test K7 against this ransomware? Can you dm me the sample?

 

[bazang]

The malware is private malware like Solaris. I don't tested Comodo because he is clearly cheater due to auto containment but I bypassed him before.

Very nice malware, testing, and videos.

Only fool's think that "I can find a default allow security solution that will prevent this sort of thing."

The only effective security is to never allow code to execute unless it is done after a capable person has vetted it properly. The vetting and approval of the code must be performed by a human. Not AI and not ML. And no allowing by reputation, signature, or other default allow mechanisms. In other words, no more pandering to "users who want to use stuff." But that is way too much for the world to handle.

 

[broughie]

Sandboxie saved me from ransomware in the past , can it be tested against this one

 

[Zartarra]

Thanks for the nice test.

What is the result when you enable in Avast hardened mode?

What was the result of Eset Liveguard? It blocked the file so not a bad result if you do not unblock it manually.

 

[cartaphilus]

Wait so webroot actually stopped it?!!!! Coooool!!!!!!


First time ever! I am seeing webroot beat out every other hit hitter out there.

Did the malware use AI to check what AV is running and it saw Webroot so it decided that this must be a Honeypot and just killed itself? Because damn!!! Massive props to webroot. Recognition is given where it's warranted and honestly great job!

 

[annaegorov]

Wait so webroot actually stopped it?!!!! Coooool!!!!!!


First time ever! I am seeing webroot beat out every other hit hitter out there.

Did the malware use AI to check what AV is running and it saw Webroot so it decided that this must be a Honeypot and just killed itself? Because damn!!! Massive props to webroot. Recognition is given where it's warranted and honestly great job!

Your goofing this guy right?

 

[kamiloxf]

@XylentAntivirus Can you share me this malware sample?

 

[XylentAntivirus]

Another indepedent test happened if you want I can give these videos. Kaspersky bypassed, Bitdefender bypassed, Avast blocked by heuristics. So no longer Avast got bypassed.

 

[LDogg]

This is some shocking stuff tbh. Always like a cat and mouse game with AVs

~LDogg

 

[XylentAntivirus]

It not only bypass antivirus it also removes it right now.

 

[XylentAntivirus]

Also I fixed Avast issue. It seems like I broke malware that's why Avast detects it but now it's like old code and fixed.

 

[XylentAntivirus]

Zerotech00 tested malware which you can find from there:
3:04:01

 

[Dreams&Visions]

Another indepedent test happened if you want I can give these videos. Kaspersky bypassed, Bitdefender bypassed, Avast blocked by heuristics. So no longer Avast got bypassed.

Did you try further products, like K7, QuickHeal, Qihoo360, F-Secure, Norton? I'd especially be interested in the first one.

 

[Andy Ful]

It is a nice example of a known attack vector described here:

Safe Mode Is A Growing Attack Surface For Bad Actors

The growing number of Safe Mode ransomware events indicates that these attacks are very effective.

www.forbes.com

Impair Defenses: Safe Mode Boot, Sub-technique T1562.009 - Enterprise | MITRE ATT&CK®

attack.mitre.org

This attack vector has been used in the wild for several years (Snatch ransomware in 2018). It requires high privileges so in Enterprises, the attack can be dangerous via lateral movement.
Currently, the AVs can use some ATP features, like the Microsoft Defender ASR rule "Block rebooting machine in Safe Mode (preview)", which can prevent such attacks.

 

[Nikola Milanovic]

The malware is private malware like Solaris. I don't tested Comodo because he is clearly cheater due to auto containment but I bypassed him before.

We will see what Xcitium has to say about it

Human Expert Analysis is In Proggres

 

[Captain Awesome]

Did you try further products, like K7, QuickHeal, Qihoo360, F-Secure, Norton? I'd especially be interested in the first one.

He is not answering our questions.

 

[XylentAntivirus]

GitHub - HydraDragonAntivirus/AntivirusBypass: Bitdefender, Kaspersky, Malwarebytes, Avast, Webroot, Windows Defender, ESET, Avira, McAfee, ZoneAlarm etc. buster with general antivirus bypass. This is fully undetectable malware. Okay I made it open source so everyone can get answer.

 

[XylentAntivirus]

Did you try further products, like K7, QuickHeal, Qihoo360, F-Secure, Norton? I'd especially be interested in the first one.

I didn't tested them and not yet added to signatures these antiviruses.