Tags: malware, high, Adware, Defense Evasion, Dragon Boss

Apr 16, 2026 • Nate Nelson

'Harmless' Global Adware Transforms Into an AV Killer

Source: Dark Reading
Category: malware
Severity: high

Executive Summary

What began as a widely distributed but nominally harmless adware campaign has turned into a real security threat. In March 2025 the operator, tracked as Dragon Boss, pushed an update that looked routine but did two things an advertising component has no business doing: it registered scheduled tasks so the component keeps running across reboots, and it added exclusions to Windows Defender so that the locations reserved for later payloads are never scanned. The exclusions are the part that matters. Exclusions are quieter than killing the service: Defender keeps running and keeps reporting as healthy, yet it no longer inspects the places the operator intends to use for the next stage. That is defense evasion staged in advance, and it turns a nuisance installer into a ready-made foothold for whatever the operator chooses to deliver afterwards.

Recommended checks: review Windows Defender exclusion lists (paths, processes and extensions) on managed endpoints and treat any entry not set by policy as suspect; enumerate scheduled tasks outside the built-in \Microsoft\ tree and inspect any whose action launches a script host or runs from a user-writable directory; and search the Microsoft-Windows-Windows Defender/Operational log for Event ID 5007, which records Defender configuration changes including added exclusions, going back to at least March 2025. Deleting the tasks alone does not finish the job: remove the exclusions as well, then run a full scan, because anything written to an excluded path while the exclusion stood has never been inspected. More broadly, updates delivered through adware deserve the same scrutiny as any other untrusted software, since this campaign shows they can be turned into a delivery channel for something worse.
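The checks recommended above, as an added PowerShell triage example (this is not code from the Dark Reading article and not Dragon Boss tooling): it lists the current Defender exclusions, flags scheduled tasks outside the \Microsoft\ tree whose action launches a script host or runs from a user-writable directory, and pulls the Defender Event ID 5007 entries that changed exclusions. The directory patterns and the script-host list are assumptions chosen for the example, not indicators published for this campaign.

```powershell
# Added triage script for the behavior described above: Defender exclusions plus
# scheduled-task persistence. Not from the article and not Dragon Boss tooling.
# Read-only: it reports findings and leaves removal to the analyst. Run elevated
# so the Defender Operational log is readable.
$ErrorActionPreference = 'Stop'

function Get-DefenderExclusionReport {
    # Every exclusion is a blind spot. A managed endpoint should only carry
    # entries that IT pushed by policy; anything else deserves an explanation.
    $pref  = Get-MpPreference
    $kinds = [ordered]@{
        Path      = @($pref.ExclusionPath)
        Process   = @($pref.ExclusionProcess)
        Extension = @($pref.ExclusionExtension)
    }
    foreach ($kind in $kinds.Keys) {
        foreach ($entry in $kinds[$kind]) {
            if ($entry) { [pscustomobject]@{ Finding = 'Exclusion'; Kind = $kind; Value = $entry } }
        }
    }
}

function Get-SuspiciousTaskReport {
    # Tasks outside the built-in \Microsoft\ tree whose action runs a script host
    # or anything from a user-writable directory. These patterns are assumptions
    # chosen for this example, not indicators published for the campaign.
    $userWritable = '*\AppData\*', '*\ProgramData\*', '*\Temp\*', '*\Users\Public\*', '*\Downloads\*'
    $scriptHosts  = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe',
                    'mshta.exe', 'rundll32.exe', 'regsvr32.exe'

    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe    = [string]$action.Execute     # empty for non-exec actions (COM handlers)
            $argStr = [string]$action.Arguments
            # Leaf of the executable path; a plain split also copes with
            # %SystemRoot%-style values that Path.GetFileName rejects on .NET Framework.
            $leaf      = ($exe.Trim('"') -split '[\\/]')[-1]
            $inUserDir = @($userWritable | Where-Object { $exe -like $_ -or $argStr -like $_ }).Count -gt 0
            if ($inUserDir -or ($scriptHosts -contains $leaf)) {
                [pscustomobject]@{
                    Finding = 'Task'
                    Task    = $task.TaskPath + $task.TaskName
                    Author  = $task.Author
                    Run     = ($exe + ' ' + $argStr).Trim()
                }
            }
        }
    }
}

function Get-ExclusionChangeEvents {
    param([int]$Days = 90)
    # Defender records every configuration change as Event ID 5007 in its
    # Operational log. Exclusion changes name the Exclusions registry key in
    # the message text, which separates them from other 5007 events.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*\Exclusions\*' } |
        ForEach-Object {
            $newValue = $_.Message -split "`r?`n" | Where-Object { $_ -match 'New value' } | Select-Object -First 1
            [pscustomobject]@{ Finding = 'ExclusionChange'; Time = $_.TimeCreated; Detail = "$newValue".Trim() }
        }
}

Get-DefenderExclusionReport | Format-Table -AutoSize
Get-SuspiciousTaskReport    | Format-Table -AutoSize -Wrap
Get-ExclusionChangeEvents   | Format-Table -AutoSize -Wrap

# Remediation once findings are confirmed (kept commented out on purpose):
#   Unregister-ScheduledTask -TaskName '<name>' -TaskPath '<path>' -Confirm:$false
#   Remove-MpPreference -ExclusionPath '<path>'
#   Start-MpScan -ScanType FullScan   # excluded paths were never scanned while the exclusion stood
```

Run it from an elevated Windows PowerShell 5.1 or PowerShell 7 session on the endpoint; `Get-MpPreference` and `Get-ScheduledTask` are built in on supported Windows versions. The script only reports. The commented remediation lines show the order that matters: unregister the task, drop the exclusion, and only then run a full scan, because files that landed in an excluded path while the exclusion was active were never inspected and will not be caught by anything short of a rescan.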

Summary

A benign-looking update pushed out by Dragon Boss in March 2025 established persistence via scheduled tasks and added Windows Defender exclusions so that future payloads would not be scanned.

Linked Entities

  • Dragon Boss