'Harmless' Global Adware Transforms Into an AV Killer

Summary

A seemingly benign update distributed by Dragon Boss adware in March 2025 contained malicious functionality that established persistence through Windows scheduled tasks and configured Windows Defender to exclude future payloads. This transformation from apparent adware to a sophisticated persistence mechanism demonstrates how legitimate-looking updates can be weaponized to create backdoors for secondary attack stages.

Indicators of Compromise

• malware — Dragon Boss

Entities