Most modern Windows PCs rely on Microsoft Defender as their first line of defense against malware. Over the years, it has matured into a competent and often underrated antivirus that blocks a wide range of threats. But a hacker group has found a way to abuse a legitimate Intel CPU tuning driver in a bring-your-own-vulnerable-driver (BYOVD) attack to disable Microsoft Defender entirely.
The technique has been observed since mid-July 2025 and is already being used in active ransomware operations. The method does not depend on exploiting a software bug or dropping an obviously malicious file. Instead, it takes advantage of how Windows drivers are designed to be given deep hardware access.
Here is what to know about the attack and how you can stay safe.
Sign up for my free CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide when you join my Cyberguy.com newsletter.
The Akira ransomware group exploits a legitimate Intel CPU tuning driver in a cyberattack to fully disable Microsoft Defender on Windows systems. (Kurt "CyberGuy" Knutsson)
How Akira ransomware disables Microsoft Defender
The Akira ransomware group has developed a new way to bypass security tools using a legitimate Intel CPU tuning driver, rwdrv.sys, from the performance-tweaking tool ThrottleStop. Security firm GuidePoint Security says the attackers load this driver to gain kernel-level access to the Windows system, then install a second, malicious driver, hlpdrv.sys, which changes the DisableAntiSpyware registry setting through regedit.exe to shut down Microsoft Defender.
Once Defender is disabled, the attackers can run other malicious programs. GuidePoint says this method has been seen consistently in Akira campaigns since mid-July.
The Akira ransomware group is infiltrating the Windows operating system by exploiting a legitimate driver to obtain access. (Kurt "CyberGuy" Knutsson)
Akira ransomware targets Microsoft Defender and SonicWall VPNs
The same group has also been linked to targeted attacks on SonicWall VPN devices. SonicWall has stated that these incidents involve a known vulnerability, CVE-2024-40766, rather than a brand-new zero-day. The company recommends restricting VPN access, enabling multi-factor authentication and disabling unused accounts as immediate mitigations.
Akira attacks often involve stealing data, establishing hidden remote access and deploying ransomware to encrypt files across an organization. Security experts have warned that fake or look-alike websites are increasingly being used to distribute these malicious tools.
GuidePoint researchers have published YARA detection rules along with the file names, service names, SHA-256 hashes and file paths to help identify this activity. They recommend actively monitoring for these indicators, applying filtering and blocking rules as new IOCs emerge, and only downloading software from official or verified sources.
We reached out to Microsoft for comment but did not hear back before our deadline.
Antivirus software, two-factor authentication and data removal services are just a few ways Windows users can protect themselves from hackers. (Cyberguy.com)
6 ways to protect yourself against Akira ransomware and similar threats
The Microsoft Defender attack is clever and dangerous, but you are not without defenses. Here are some tips to help you stay safe:
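The two things a defender can check for on a host follow directly from the description above: whether the DisableAntiSpyware policy value has been set, and whether a kernel driver service is backed by the named files. The PowerShell below is an added, read-only audit written for this article, not code from the article or from GuidePoint. It assumes the policy value lives under the standard Windows Defender policy key (HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender), and the SHA-256 list is a placeholder to be replaced with the hashes GuidePoint published.

```powershell
# Added example, not from the article or from GuidePoint: a read-only audit for
# the two conditions the article describes on a Windows host.
#   (a) the Defender policy value DisableAntiSpyware has been set, and
#   (b) a kernel driver service is backed by rwdrv.sys or hlpdrv.sys.
# Run from an elevated PowerShell prompt. Assumptions not stated in the article:
# the policy value is read from the standard Windows Defender policy key below,
# and $KnownBadSha256 is a PLACEHOLDER to be replaced with the published hashes.

$PolicyKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$DriverNames    = @('rwdrv.sys', 'hlpdrv.sys')        # file names from the article
$KnownBadSha256 = @(                                  # placeholder; fill from vendor IOCs
    '0000000000000000000000000000000000000000000000000000000000000000'
)

# Driver PathName values come in several shapes; normalise them to a filesystem path.
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...       -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\...  -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-DefenderTamperFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    # (a) Policy value that turns Defender off: present and non-zero is a red flag.
    $val = (Get-ItemProperty -Path $PolicyKey -Name 'DisableAntiSpyware' `
                -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($null -ne $val -and $val -ne 0) {
        $findings.Add("DisableAntiSpyware = $val under $PolicyKey")
    }

    # Cross-check against what the Defender service itself reports.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($status -and -not $status.AntivirusEnabled) {
        $findings.Add('Get-MpComputerStatus: AntivirusEnabled is False')
    }
    if ($status -and -not $status.RealTimeProtectionEnabled) {
        $findings.Add('Get-MpComputerStatus: RealTimeProtectionEnabled is False')
    }

    # (b) Kernel driver services whose image matches a named file or a known hash.
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $d.PathName) { continue }
        $path = Resolve-DriverPath $d.PathName
        $leaf = [System.IO.Path]::GetFileName($path)
        $nameHit = $DriverNames -contains $leaf                 # -contains is case-insensitive
        $hashHit = $false
        if (Test-Path -LiteralPath $path) {
            $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $hashHit = $KnownBadSha256 -contains $sha
        }
        if ($nameHit -or $hashHit) {
            $tag = if ($hashHit) { ' [hash match]' } else { '' }
            $findings.Add(("Driver service '{0}' state={1} start={2} image={3}{4}" -f `
                $d.Name, $d.State, $d.StartMode, $path, $tag))
        }
    }
    return $findings
}

$results = Get-DefenderTamperFindings
if ($results.Count -eq 0) {
    Write-Output 'No Defender-tampering indicators found.'
} else {
    Write-Warning "$($results.Count) indicator(s) found:"
    $results | ForEach-Object { Write-Output " - $_" }
}
```

A name match on rwdrv.sys alone is not proof of compromise: the same driver is loaded by any legitimate ThrottleStop installation, which is exactly why the technique works. Treat the policy value being set together with an unexpected driver service, or a hash match against the published indicators, as the signal worth escalating, and keep the hash list current as new IOCs are released.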
1) Use strong antivirus software
Even with regular updates, a Windows system can be exposed if its built-in defenses are disabled. Strong antivirus software with real-time protection, kernel-level monitoring and frequent updates can provide backup security. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
2) Limit exposure
Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (such as Microsoft Edge or Chrome with Safe Browsing enabled).
3) Avoid running unexpected commands
Never paste or run commands you don't understand or that were copied from random websites. Attackers often trick users into unwittingly running malware this way.
4) Keep your software updated
Regularly update your operating system, browser and all software applications. Updates often include patches for security weaknesses that malware can exploit.
5) Use two-factor authentication (2FA)
Enable 2FA on all your accounts. This adds an extra layer of protection by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.
6) Invest in personal data removal services
Even with strong device security, your personal information can still be exposed online through data brokers and people-search sites.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web at Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Kurt's key takeaways
Akira's move exposes a major flaw in how Windows trusts certain tools. A driver meant for harmless CPU tuning became the key to shutting down security. Because it comes from a legitimate source, Windows lets it in without asking questions. We tend to think of hackers as always breaking in from the outside. Here, they are already inside the circle of trust, using the system's own rules against it.
Should Microsoft be doing more to prevent ransomware groups from disabling Defender? Let us know by writing us at Cyberguy.com.
Copyright 2025 cyberguy.com. All rights reserved.