Carding Forum
As a well-known tool for ransomware attacks, it is distributed on dark forums.
Researchers have uncovered a new fraudulent scheme of the well-known hacker group FIN7. Criminals actively advertise and sell on dark forums a tool for circumventing security systems called AvNeutralizer. This software allows you to invade victims' devices without being noticed, bypassing threat detection systems.
According to a recent report from SentinelOne, AvNeutralizer has already been adopted by several extortion groups.
AvNeutralizer's history dates back to April 2022. It is interesting that for the first six months the tool was used by another group, Black Basta. It was probably one of the first customers.
SentinelOne analysts found a lot of ads on various underground forums advertising the sale of AvNeutralizer. To hide their tracks, FIN7 used a number of aliases, including "goodsoft", "lefroggy", "killerAV" and "Stupor". The cost of the software ranges from 4 to 15 thousand dollars.
The key feature of AvNeutralizer is that it is configured individually for each customer, allowing targeted attacks on specific security systems of their choice. Since the beginning of 2023, the malware managed to "light up" in a variety of cyber attacks, including the subsequent introduction of infamous ransomware programs like AvosLocker, MedusaLocker, BlackCat, Trigona and LockBit.
AvNeutralizer developers do not sit idly by and constantly improve their brainchild. The latest version discovered by SentinelOne includes a new method of bypassing security systems, previously not found "in the wild". In particular, the new version uses a built-in Windows driver called "ProcLaunchMon.sys" in conjunction with the Process Explorer driver.
FIN7 itself has been operating since 2013 and during this time has managed to cause significant financial damage to such industries as hospitality, energy, finance, high technology and retail. Most recently, in April of this year, the group attacked a major automaker in the United States.
SentinelOne experts emphasize that the development and commercialization of tools like AvNeutralizer on criminal underground forums significantly increases the group's influence. Using multiple aliases and collaborating with other cybercrime organizations makes it difficult to identify attackers and demonstrates their advanced tactics.
Source
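A defender-side correlation for the driver pairing the article names: it scans Sysmon "Driver loaded" (Event ID 6) records and flags hosts where ProcLaunchMon.sys and a Process Explorer driver were loaded close together in time. This is an added example, not code from the article or from SentinelOne; the Process Explorer driver file-name pattern (procexp*.sys) and the sample events are assumptions constructed for the demonstration.

```python
import re
from datetime import datetime, timedelta

# ProcLaunchMon.sys is named in the article. The Process Explorer driver
# name pattern below is an assumption based on the Sysinternals naming
# convention (e.g. procexp152.sys); adjust to what your telemetry shows.
PROCLAUNCHMON = re.compile(r"\\proclaunchmon\.sys$", re.IGNORECASE)
PROCEXP = re.compile(r"\\procexp\d*\.sys$", re.IGNORECASE)

# Constructed Sysmon Event ID 6 records, reduced to the fields used here.
# Hosts, times and paths are made up for the example.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "UtcTime": "2024-07-17 09:12:01",
     "ImageLoaded": r"C:\Windows\System32\drivers\ProcLaunchMon.sys"},
    {"Computer": "WS-01", "UtcTime": "2024-07-17 09:12:03",
     "ImageLoaded": r"C:\Users\Public\procexp152.sys"},
    {"Computer": "WS-01", "UtcTime": "2024-07-17 10:30:00",
     "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys"},
    # An admin running Process Explorer alone is normal and must not alert.
    {"Computer": "WS-02", "UtcTime": "2024-07-17 11:00:00",
     "ImageLoaded": r"C:\Windows\System32\drivers\procexp152.sys"},
]


def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def find_driver_pairs(events, window=timedelta(minutes=10)):
    """Return (host, proclaunchmon_path, procexp_path) for every pair of
    loads on the same host within `window`. Either driver alone is
    legitimate; the co-occurrence is the signal worth triaging."""
    by_host = {}
    for event in events:
        by_host.setdefault(event["Computer"], []).append(event)
    hits = []
    for host, host_events in by_host.items():
        plm = [e for e in host_events if PROCLAUNCHMON.search(e["ImageLoaded"])]
        pex = [e for e in host_events if PROCEXP.search(e["ImageLoaded"])]
        for a in plm:
            for b in pex:
                delta = abs(_parse_time(a["UtcTime"]) - _parse_time(b["UtcTime"]))
                if delta <= window:
                    hits.append((host, a["ImageLoaded"], b["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    for host, plm_path, pex_path in find_driver_pairs(SAMPLE_EVENTS):
        print(f"[{host}] ProcLaunchMon + Process Explorer driver: {plm_path} / {pex_path}")
```

In production, feed the function the DriverLoad events from your SIEM and review the Process Explorer driver's load path and signer alongside the hit.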