Notorious FIN7 hackers sell EDR killer to other threat actors

The notorious cybercriminal group FIN7, known for its involvement in various high-profile ransomware operations, has recently been observed selling a powerful tool called AvNeutralizer to other threat actors. This tool is specifically designed to disable Endpoint Detection and Response (EDR) systems and antivirus software, making it easier for malware to operate undetected in targeted networks.

Initially developed by FIN7, AvNeutralizer has been sold on underground forums since 2022 for prices ranging from $4,000 to $15,000. The tool gained attention when it was used in BlackBasta ransomware attacks, and it has since been adopted by other major ransomware operations, including LockBit, AvosLocker, MedusaLocker, BlackCat, and Trigona. By leveraging legitimate system drivers like the Windows ProcLaunchMon.sys driver, the tool can suspend or terminate antivirus processes, rendering security defenses ineffective (ScyScan; Black Hat Ethical Hacking).

FIN7, which has been active since 2012, continues to evolve its tactics, selling tools like AvNeutralizer to further increase the reach of ransomware-as-a-service (RaaS) operations. This represents a significant escalation in the cybercriminal ecosystem, with the group’s tools facilitating attacks that can bypass even advanced security measures (ThreatsHub).

FIN7’s activities have made it one of the most sophisticated and resilient hacking groups globally, demonstrating a deep technical capability in exploiting enterprise security systems. Its constant innovation poses a growing threat to organizations worldwide.