Malware | May 1, 2026
⚠️ A defense evasion tool called ExEngine is being sold as a service, marketed as an AV/EDR kille...
ExEngine defense evasion tool sold as service to disable AV/EDR software.
Summary
ExEngine is a defense evasion tool marketed and sold as a service that targets mainstream antivirus and EDR solutions, including Windows Defender, Malwarebytes, Bitdefender, and Avast. The tool combines AV termination capabilities with a Ring-3 (user-mode) rootkit and UAC bypass functionality to evade security controls. This reflects a growing trend of adversaries purchasing pre-built evasion capabilities to support broader attack campaigns.
Indicators of Compromise
- malware — ExEngine
Entities
- Windows Defender (product)
- Malwarebytes (product)
- Bitdefender (product)
- Avast (product)