AuKill EDR Killer is a malicious piece of malware that has been created to disable endpoint detection and response (EDR) solutions. The malware’s goal is to prevent EDR products from detecting the malicious activities that it is trying to perform.

Recently, researchers discovered that the AuKill EDR Killer malware abuses the Process Explorer driver to achieve its malicious goals. The Process Explorer driver is a legitimate driver from Microsoft that is used to monitor and control processes. By abusing this driver, the AuKill EDR Killer malware can inject malicious code into legitimate processes, allowing it to bypass EDR security measures.

The malware also uses a technique known as “process hollowing” to hide the malicious code within legitimate processes. This technique allows the malicious code to be executed without detection by EDR solutions.

The AuKill EDR Killer malware is a serious threat to organizations that rely on EDR solutions to protect their networks. It is important for organizations to ensure that their EDR solutions are up to date and that they are utilizing all available security measures to prevent this type of attack. Additionally, organizations should be aware of the potential for malicious actors to abuse legitimate drivers to carry out malicious activities.