Apr 15, 2026 • Bill Toulas
Signed software abused to deploy antivirus-killing scripts
Executive Summary
A digitally signed but malicious tool has been used to disable antivirus software on thousands of endpoints across the educational, utilities, government, and healthcare sectors. The payloads ran with SYSTEM-level privileges, providing near-complete control over affected systems. Attackers abused the digital signature to bypass security controls and make the malware appear legitimate. Organizations should audit signed software running with elevated privileges, enforce code signing validation beyond basic certificate checks, and monitor for antivirus tampering. The abuse of signed software represents a significant supply chain risk, as legitimate-looking applications can evade traditional security controls.
Summary
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. [...]
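One way to act on the Executive Summary's advice to audit signed software running with elevated privileges, as an added example that is not from the original article or any vendor: it lists Windows services that run as SYSTEM and reports every binary that is not both validly signed and signed by an approved publisher. The `$ApprovedSigners` list and the helper name `Get-ServiceBinaryPath` are assumptions made for illustration.

```powershell
# Added example: a valid Authenticode signature is treated as necessary, not sufficient.
# Assumption: placeholder allowlist; replace with the publishers your organization approves.
$ApprovedSigners = @(
    'CN=Microsoft Windows',
    'CN=Microsoft Corporation'
)

# Hypothetical helper: extract the executable path from a service command line,
# which may be quoted and may carry arguments ("C:\dir\svc.exe" -k group).
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$sigCache = @{}   # many services share one host binary; check each file once
$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.StartName -notin @('LocalSystem', 'NT AUTHORITY\SYSTEM')) { continue }
    $path = Get-ServiceBinaryPath -PathName $svc.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    if (-not $sigCache.ContainsKey($path)) {
        $sigCache[$path] = Get-AuthenticodeSignature -LiteralPath $path
    }
    $sig     = $sigCache[$path]
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Approved only when the signature verifies AND the signer subject starts
    # with an allowlisted CN. Everything else is reported, including files
    # that are validly signed by an unapproved publisher.
    $approved = $false
    if ($sig.Status -eq 'Valid') {
        foreach ($cn in $ApprovedSigners) {
            if ($subject -eq $cn -or $subject -like "$cn,*") { $approved = $true }
        }
    }
    if (-not $approved) {
        [pscustomobject]@{
            Service    = $svc.Name
            Path       = $path
            SigStatus  = $sig.Status
            Signer     = $subject
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        }
    }
}
$findings | Sort-Object Signer, Service | Format-Table -AutoSize -Wrap
```

Services hosted in `svchost.exe` are checked only at the host binary, so their `ServiceDll` files need a separate pass. Rows with `SigStatus` of `Valid` and an unfamiliar signer are the case the article describes.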