Disguised as a Windows driver, the Terminator antivirus killer poses a security risk
A threat actor known as Spyboy is promoting a tool called “Terminator” on a Russian hacking forum, claiming it can bypass and terminate various antivirus and security solutions on Windows systems. However, cybersecurity firm CrowdStrike believes it’s a sophisticated Bring Your Own Vulnerable Driver (BYOVD) attack. Terminator is sold for prices ranging from $300 to $3,000, and it requires administrative privileges and user deception to run. It drops a vulnerable driver into the Windows system folder, enabling it to disable security software processes. This technique has been used by various threat groups, including ransomware gangs and state-backed hackers. Recently, a similar tool called AuKill was discovered, using a vulnerable driver to disable EDR software before launching ransomware attacks.