Cybersecurity company Sophos has identified a utility tool named EDRKillShifter, which aims to disable endpoint detection and response (EDR) systems, strengthening attackers’ possibilities of carrying out a successful ransomware attack. This discovery forms part of a growing trend, with increasingly sophisticated malware being developed to bypass EDR systems. To safeguard against these threats, Sophos recommends activating tamper protection, implementing stringent Windows security measures and regularly updating systems.
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The
