A March 2025 update from Dragon Boss established persistence via scheduled tasks and arranged for any future payloads to be excluded from Windows Defender.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Dragon Boss Solutions LLC, a threat actor posing as a UAE-registered company, pushed a malicious update in March 2025 that transformed its adware into an antivirus killer. The update disabled AV tools from ESET, McAfee, Kaspersky, and Malwarebytes, established persistence via scheduled tasks, and excluded future payloads from Windows Defender across nearly 24,000 systems in 124 countries. Researchers at Huntress discovered the primary update domain was unregistered, sinkholed it for $10, and found infected systems included 35 government entities, 41 OT networks, and 221 higher education institutions. The incident highlights how adware can rapidly escalate into a full malware delivery platform, and how unregistered update domains create open backdoors for any attacker to exploit.

'Harmless' Global Adware Transforms Into an AV Killer