Hackers Advertise VOID AV Killer to Disable Antivirus Tools

What happened

The VOID AV Killer has been advertised by hackers as a tool capable of disabling antivirus and endpoint security software at the kernel level. The tool is marketed as a way to allow malware to run undetected by neutralizing security defenses.

Who is affected

Organizations relying on endpoint protection solutions may face increased risk if such tools are successfully deployed. Disabling security software could enable prolonged attacker access and data compromise.

Why CISOs should care

Kernel-level defense evasion techniques undermine reliance on single-layer endpoint controls. CISOs must assume attackers will attempt to disable security tooling as part of intrusion campaigns.

3 practical actions

1. Endpoint hardening: Validate protections against unauthorized kernel-level manipulation.
2. Defense-in-depth: Ensure multiple security controls operate independently of endpoint agents.
3. SOC readiness: Train analysts to recognize indicators of security tool tampering.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity